Trustworthy Software Foundation: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
m History: Add SSDRI
Add Facets of Trustworthiness
Line 10: Line 10:


The Trustworthy Software Initiative (TSI) was established - originally as the Software Security, Dependability and Resilience Initiative (SSDRI) - in July 2011 to draw together the activity and provide a one-stop shop for guidance and information about trustworthy software development. It was renamed from SSDRI to TSI in September 2012.
The Trustworthy Software Initiative (TSI) was established - originally as the Software Security, Dependability and Resilience Initiative (SSDRI) - in July 2011 to draw together the activity and provide a one-stop shop for guidance and information about trustworthy software development. It was renamed from SSDRI to TSI in September 2012.

==Trustworthiness==

TSI considers Trustworthiness to consist of 5 Facets, which are often deleteriously handled as stovepipes:

* Safety - The ability of the system to operate without harmful states
* Reliability - The ability of the system to deliver services as specified
* Availability - The ability of the system to deliver services when requested
* Resilience - The ability of the system to transform, renew, and recover in timely response to events
* Security - The ability of the system to remain protected against accidental or deliberate attacks

This definition of Trustworthiness is an extension of a widely used definition of Dependability<ref>"Software Engineering", I Sommerville, (9th Edition Feb 2010), ISBN-10: 0137053460, ISBN-13: 978-0137053469</ref>, adding a 5th Facet of Resilience.


==Operation==
==Operation==
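Review bot: In the added Trustworthiness section, the Sommerville citation sits before the comma ("Dependability<ref>…</ref>, adding"); move the ref after the punctuation. The closing sentence's claim that TSI's definition extends the Dependability definition is backed only by the textbook cited for Dependability itself, so the five-facet definition needs a source of its own. The hunk also leaves two consecutive blank lines before ==Operation==; one is enough.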
Line 18: Line 30:
==Current Activity==
==Current Activity==
* Enshrining its Trustworthy Software Framework (TSF) as [[PAS754|British Standards (BS) Publicly Available Specification (PAS) 754]]
* Enshrining its Trustworthy Software Framework (TSF) as [[PAS754|British Standards (BS) Publicly Available Specification (PAS) 754]]
*Starting promulgation of Software Trustworthiness across Education, initially targeting the“technical” undergraduate community, with the assistance of Professions ([[BCS]] / [[IET]])
*Starting promulgation of Software Trustworthiness across Education, initially targeting the“technical” undergraduate community, with the assistance of the main Professional bodies ([[BCS]] / [[IET]])
*Working with Partners on means of Verification of Organisational Competence in Software Trustworthiness ([[TickIT|TickITPlus]])
*Working with Partners on means of Verification of Organisational Competence in Software Trustworthiness ([[TickIT|TickITPlus]])
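Review bot: The reworded Education bullet still reads the“technical” with no space before the opening quotation mark; add the space while the line is being changed. The bullets in this list are also inconsistent about the space after the asterisk ("* Enshrining" versus "*Starting" and "*Working"), which is worth normalising in the same edit.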



Revision as of 16:28, 26 February 2014

The 'Trustworthy Software Initiative' (TSI)[1] is a UK Public Good activity, sponsored[2] by the UK government's Centre for the Protection of National Infrastructure, aimed at Making Software Better.

History

TSI evolved from a number of previous activities:

  • A study by the Cabinet Office, Central Sponsor for Information Assurance (CSIA) in 2004-5 which identified a pervasive lack of secure software development practices as a matter for concern
  • A Department of Trade and Industry (DTI – predecessor of BIS) Global Watch Report in 2006 which noted a relative lack of secure software development practices in the UK
  • The Technology Strategy Board (TSB) Cyber Security Knowledge Transfer Network (CSKTN) Special Interest Group (SIG) on Secure Software Development (SSD, 2007-8)
  • The TSB / Foreign and Commonwealth Office (FCO) Science and Innovation Network (SIN) Multinational Workshop “Challenges to building in … information security, privacy and assurance”, held in Paris in March 2009
  • The Secure Software Development Partnership (SSDP) Study Period, funded jointly by TSB and the Centre for Protection of National Infrastructure, which ran in 2009-2010

The Trustworthy Software Initiative (TSI) was established - originally as the Software Security, Dependability and Resilience Initiative (SSDRI) - in July 2011 to draw together the activity and provide a one-stop shop for guidance and information about trustworthy software development. It was renamed from SSDRI to TSI in September 2012.

Trustworthiness

TSI considers Trustworthiness to consist of 5 Facets, which are often deleteriously handled as stovepipes:

  • Safety - The ability of the system to operate without harmful states
  • Reliability - The ability of the system to deliver services as specified
  • Availability - The ability of the system to deliver services when requested
  • Resilience - The ability of the system to transform, renew, and recover in timely response to events
  • Security - The ability of the system to remain protected against accidental or deliberate attacks

This definition of Trustworthiness is an extension of a widely used definition of Dependability[3], adding a 5th Facet of Resilience.

Operation

TSI is operated on behalf of UK government by the Cyber Security Centre,[4] De Montfort University.

It is managed by a Technical Director, Ian Bryant, with Stakeholder interests being represented by a President, Sir Edmund Burton, and a team of Vice Presidents responsible for particular communities of interest.

Current Activity

  • Enshrining its Trustworthy Software Framework (TSF) as British Standards (BS) Publicly Available Specification (PAS) 754
  • Starting promulgation of Software Trustworthiness across Education, initially targeting the “technical” undergraduate community, with the assistance of the main Professional bodies (BCS / IET)
  • Working with Partners on means of Verification of Organisational Competence in Software Trustworthiness (TickITPlus)

References

  1. ^ UK Trustworthy Software Initiative, retrieved 4 January 2014
  2. ^ Protecting and promoting the UK in a digital world: 2 years on – Government Press Release, retrieved 12 December 2013
  3. ^ "Software Engineering", I Sommerville, (9th Edition Feb 2010), ISBN-10: 0137053460, ISBN-13: 978-0137053469
  4. ^ DMU - FOT - Cyber Security Centre, retrieved 4 January 2014