What is “Trustworthy Software?”
Most software has defects in the coding which can cause the software to fail. Trustworthy Software is software that is appropriately free from such defects. It performs as it should, when it should and how it should.
No software can be proven to be completely free of all defects, but the level of “trustworthiness” should be appropriate for the purpose for which the software is used. This is achieved by considering each of five key facets, which together provide software with trustworthiness:
Safety, reliability, availability, resilience and security.
Each of these facets is required to some degree according to the purpose of the software.
What is the “Trustworthy Software Initiative (TSI)?”
The Trustworthy Software Initiative (TSI) is a public good initiative supported and funded through the UK Government’s National Cyber Security Programme (NCSP) with a mission to “Make Software Better”. TSI provides the knowledge, skills and capability for the supply, demand and education communities such that trustworthy software can be designed, implemented, sustainably maintained and assured in a risk-based, whole-life process.
TSI has collected and collated the body of existing guidance, relevant standards and best practice as its Trustworthy Software Framework (TSF). The TSF will continue to evolve, as a means for anyone to quickly find the information and advice they need to build, procure or work with trustworthy software.
The concepts, principles and techniques from the framework have been formalised in a British Standards Institution Publicly Available Specification PAS 754:2014 Software trustworthiness – Governance and management – Specification. PAS754 documents, for the first time, the overall principles for effective software trustworthiness, and was launched by the Minister for Universities and Science in June 2014. It includes technical, physical, cultural and behavioural measures alongside effective leadership and governance techniques to address five key facets of trustworthiness: safety, reliability, availability, resilience and security.
Why Trustworthy Software is important
Virtually every aspect of our lives is touched by information technology running a diverse range of software; from the way we listen to music, the phones we carry with us, the vehicles we drive, to the computers that support the information economy. The trend to embed software in everyday items is accelerating. Our daily lives and industrial processes are now heavily reliant on a wide range of underpinning software. Yet the root cause of many problems is untrustworthy software, caused by vulnerabilities relating to safety, reliability, availability, resilience and security. There is a pressing need to address the quality and robustness of our software – to establish its “trustworthiness”.
In June 2013 the Minister of State for Universities and Science summarised the Software challenge:
“Robust and reliable software is a vital tool for modern day businesses, enabling them to operate efficiently while protecting them from growing cyber security threats.”
TSI President Sir Edmund Burton expands on the concern:
“It is unacceptable to customers, users, shareholders and taxpayers that major programmes have been delayed and, in many cases, have failed because of serious defects in software – in development, in acceptance trials and in-service. All are entitled to expect the same degree of reliability, availability, security and resilience from their software as they have come to expect from the mechanical components of their systems.”