Trustworthy Software Foundation
The Trustworthy Software Initiative (TSI)[1] is a UK public good activity, sponsored[2] by the UK government's Centre for the Protection of National Infrastructure, with the stated aim of improving software.
History
TSI evolved from a number of previous activities:
- A study by the Cabinet Office, Central Sponsor for Information Assurance (CSIA) in 2004-5 which identified a pervasive lack of secure software development practices as a matter for concern
- A Department of Trade and Industry (DTI – predecessor of BIS) Global Watch Report in 2006 which noted a relative lack of secure software development practices in the UK
- The Technology Strategy Board (TSB) Cyber Security Knowledge Transfer Network (CSKTN) Special Interest Group (SIG) on Secure Software Development (SSD, 2007-8)
- The TSB / Foreign and Commonwealth Office (FCO) Science and Innovation Network (SIN) Multinational Workshop “Challenges to building in … information security, privacy and assurance”, held in Paris in March 2009
- The Secure Software Development Partnership (SSDP) Study Period, funded jointly by TSB and the Centre for the Protection of National Infrastructure, which ran in 2009-2010
The Trustworthy Software Initiative (TSI) was established, originally as the Software Security, Dependability and Resilience Initiative (SSDRI), in July 2011 to draw together the activity and provide a single point of reference for guidance and information about trustworthy software development. It was renamed from SSDRI to TSI in September 2012.
Trustworthiness
TSI considers that there are five facets of trustworthiness:
- Safety - The ability of the system to operate without harmful states
- Reliability - The ability of the system to deliver services as specified
- Availability - The ability of the system to deliver services when requested
- Resilience - The ability of the system to transform, renew, and recover in timely response to events
- Security - The ability of the system to remain protected against accidental or deliberate attacks
This definition of trustworthiness extends a widely used definition of dependability[3], adding Resilience as a fifth facet, based on the UK Government approach[4].
Operation
TSI is operated on behalf of UK government by the Cyber Security Centre, University of Warwick.
It is managed by a technical director, a president representing stakeholder interests, and a team of vice-presidents responsible for particular communities of interest. Incumbent as of 2015 were technical director Ian Bryant and president Sir Edmund Burton.
Activities
- Making its Trustworthy Software Framework (TSF) into British Standards (BS) Publicly Available Specification (PAS) 754
- Starting promulgation of Software Trustworthiness across Education, initially targeting the "technical" undergraduate community, with the assistance of the BCS / IET
- Working with partners on means of Verification of Organisational Competence in Software Trustworthiness (TickITPlus)
References
- [1] UK Trustworthy Software Initiative, retrieved 4 January 2014
- [2] Protecting and promoting the UK in a digital world: 2 years on – Government Press Release, retrieved 12 December 2013
- [3] "Software Engineering", I Sommerville, (9th Edition Feb 2010), ISBN 978-0137053469
- [4] WMG: CPNI: Security Minded Approach, retrieved 20 April 2017