A SYSTEMATIC APPROACH TO ESTABLISHING TRUST IN SOFTWARE
What is Trustable?
Can we trust software?
Trust is the basis upon which democracy, modern economics and societal stability have been built. Underpinning public and market confidence, trust in our political, legal and financial frameworks generates willingness to delegate control, be governed, accept taxation, invest, partner and respect ownership.
While software has become critical to virtually all aspects of modern life, processes for determining whether we can trust it are conspicuously absent.
Among stakeholder groups – vendors, purchasers, software engineers, computer scientists, government and regulators – there exists little, if any, consensus as to how software should be designed, constructed and operated to achieve this.
The goal of this paper is to stimulate discussion of the urgent need, potential solutions and proposed next steps to address the systemic risks posed by that gap.
A trustable process can be defined as “auditable in such a way that, at any point in the process, one can assess the degree to which it can be trusted”.
Although this term may be unfamiliar in everyday language, examples in use are immediately recognisable and underpin the existence of industries such as construction, financial services, healthcare, aerospace, nuclear power and public transportation, where safety and security are paramount, and the consequences of failure are substantial.
We examine the software industry's current approaches to trust and their deficiencies, and propose the concept of a trustable software engineering process as the necessary and appropriate underpinning platform for solid foundations of trust in software going forward.
A proposed approach
The proposed approach of trustable software described here adds transparency to the design, development and testing process for software code, and generates and collects assurances on each piece of software.
We outline the principles of how that process might work: establishing software engineering practices that generate audit information at all stages of creation, deployment, change and use, so that trust can be assessed continually, just as it is in other industries.
Snapshots of software at key points in its development are accompanied by a linked immutable audit log containing key information about the process by which the software has been produced, installed and maintained.
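To make the idea of a linked immutable audit log concrete, the following is an added illustration, not code from the paper or from Codethink. It assumes that "linked" is realised as a hash chain: each log entry records the content digest of a snapshot, the process stage and some metadata, and is bound to its predecessor through the predecessor's entry hash. The stage names, metadata values and the sample source file are constructed for the example. The point it shows is that altering, re-hashing or dropping any entry is detectable when the chain is verified later.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical hash-chained audit log (constructed example). A chain of entries
# accompanies software snapshots; every entry commits to its predecessor's
# digest, so any change to earlier history breaks a later link.

GENESIS = "0" * 64  # predecessor digest for the first entry


def snapshot_digest(artifact: bytes) -> str:
    """Content digest of a software snapshot (e.g. a source tree archive)."""
    return hashlib.sha256(artifact).hexdigest()


def entry_digest(prev_digest: str, stage: str, snapshot: str, metadata: dict) -> str:
    """Digest over a canonical (sorted, compact JSON) encoding of one entry."""
    payload = json.dumps(
        {"prev": prev_digest, "stage": stage, "snapshot": snapshot, "meta": metadata},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return hashlib.sha256(payload).hexdigest()


@dataclass
class Entry:
    prev_digest: str   # digest of the previous entry (GENESIS for the first)
    stage: str         # e.g. design review, build, test, deploy
    snapshot: str      # digest of the software snapshot this entry refers to
    metadata: dict     # who/what/outcome recorded at this stage
    digest: str        # digest of this entry as computed when it was appended


class AuditLog:
    def __init__(self) -> None:
        self.entries: List[Entry] = []

    def append(self, stage: str, artifact: bytes, metadata: dict) -> Entry:
        prev = self.entries[-1].digest if self.entries else GENESIS
        snap = snapshot_digest(artifact)
        entry = Entry(prev, stage, snap, dict(metadata), entry_digest(prev, stage, snap, metadata))
        self.entries.append(entry)
        return entry

    def verify(self) -> Tuple[bool, Optional[int]]:
        """(True, None) if every link and digest checks out, else (False, first bad index)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e.prev_digest != prev:          # link to predecessor broken
                return False, i
            if entry_digest(e.prev_digest, e.stage, e.snapshot, e.metadata) != e.digest:
                return False, i                 # entry contents changed after the fact
            prev = e.digest
        return True, None


def build_example_log() -> AuditLog:
    """Four constructed stages recorded against one constructed snapshot."""
    log = AuditLog()
    src = b"int main(void) { return 0; }\n"  # constructed sample snapshot
    log.append("design-review", src, {"reviewer": "example-reviewer", "outcome": "approved"})
    log.append("build", src, {"toolchain": "example-compiler 1.0", "reproducible": True})
    log.append("test", src, {"suite": "unit", "passed": 12, "failed": 0})
    log.append("deploy", src, {"target": "example-host", "operator": "example-operator"})
    return log


def tamper_without_rehash() -> Tuple[bool, Optional[int]]:
    """Edit the recorded test result in entry 2; its stored digest no longer matches."""
    log = build_example_log()
    log.entries[2].metadata["passed"] = 13
    return log.verify()


def tamper_with_rehash() -> Tuple[bool, Optional[int]]:
    """Edit entry 2 and recompute its digest; the link from entry 3 now fails instead."""
    log = build_example_log()
    e = log.entries[2]
    e.metadata["passed"] = 13
    e.digest = entry_digest(e.prev_digest, e.stage, e.snapshot, e.metadata)
    return log.verify()


def drop_entry() -> Tuple[bool, Optional[int]]:
    """Remove the build record; the following entry still points at the missing one."""
    log = build_example_log()
    del log.entries[1]
    return log.verify()


if __name__ == "__main__":
    print("intact:", build_example_log().verify())   # (True, None)
    print("edited:", tamper_without_rehash())         # (False, 2)
    print("edited+rehashed:", tamper_with_rehash())   # (False, 3)
    print("dropped:", drop_entry())                   # (False, 1)
```

The chain on its own only proves internal consistency; in practice the latest digest would be published or signed out of band so that a wholesale rewrite of the entire log is also detectable.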
How a trustable software process would work in practice needs to be explored and discussed further with a view to generating a reference implementation. The generic trustable software process that we present in this paper is a first step in this direction.
We invite comment and feedback from all stakeholder parties with a view towards a robust debate on the role that trustable may play.
Codethink is a leading provider of effective software engineering solutions, particularly in the infrastructure critical space. The company develops and maintains system and device-level software supporting advanced technical applications for its international corporate clients, across a range of industries including aerospace, automotive, finance, medical and telecoms. Codethink has pioneered software industry thinking around the concepts of trustable software, with a view to improving the quality of software engineering for societal good.
Institute for Strategy, Resilience & Security (ISRS) at UCL
Over the last decade the Institute for Strategy, Resilience & Security (ISRS) at UCL has served as a pioneer and forum for next-generation thinking. Founded by the Hon. Lord Reid of Cardowan, ISRS provides analysis and assessment of the major issues of resilience with respect to national and global infrastructure and the ability of governments, regulators and businesses to respond to them. The Institute advises industry and the public sector on the persistent challenges to their agility, stamina and capacity in strategic decision making, so as to better face existential threats and disruptive innovation that are not addressed by conventional strategy and forecasting.