Trustworthy Software Foundation
From Wikipedia, the free encyclopedia
The Trustworthy Software Foundation (TSFdn)[1] is a UK not-for-profit organisation, with stated aim of improving software.[citation needed]
- London, United Kingdom
| Founded | 2016 |
|---|---|
| Type | Not For Profit Foundation |
| Focus | Software Development |
| Location |
|
| Origins | Trustworthy Software Initiative (TSI) |
Region served | UK |
| Method | Standards and their Verification |
Key people | Alastair Revell (Chairman) |
| Website | www |
Trustworthiness
The work is based around there being five facets of trustworthiness:
- Safety - The ability of the system to operate without harmful states
- Reliability - The ability of the system to deliver services as specified
- Availability - The ability of the system to deliver services when requested
- Resilience - The ability of the system to transform, renew, and recover in timely response to events
- Security - The ability of the system to remain protected against accidental or deliberate attacks
This definition of trustworthiness is an extension of a widely used definition of dependability,[2] adding as a 5th Facet of Resilience based on the UK Government approach.[3]
Objectives
TSFdn primarily aims to provide a living backbone for signposting to diverse but often obscure sources of Good Practice, with a secondary objective to address other aspects of the 2009 Trustworthy Software Roadmap.[4]
This focuses on engaging with partners for promulgation of Software Trustworthiness across Education, in particular through the IAP, BCS, and the IET
Governance and Operation
TSFdn operates as a not-for-profit Company Limited by Guarantee, jointly owned by the subscriber organisations – UK professional bodies.[5]
It formal interface to a cross section of stakeholders is carried out through the independent Advisory Committee on Trustworthy Systems (ACTS).
History
TSFdn, alongside the Advisory Committee on Trustworthy Systems, evolved from a number of previous activities:
- A study by the Cabinet Office, Central Sponsor for Information Assurance (CSIA) in 2004-5 which identified a pervasive lack of secure software development practices as a matter for concern
- A Department of Trade and Industry (DTI – predecessor of BIS) Global Watch Report in 2006 which noted a relative lack of secure software development practices in the UK
- The Technology Strategy Board (TSB) Cyber Security Knowledge Transfer Network (CSKTN) Special Interest Group (SIG) on Secure Software Development (SSD, 2007–8)
- The TSB / Foreign and Commonwealth Office (FCO) Science and Innovation Network (SIN) Multinational Workshop “Challenges to building in … information security, privacy and assurance”, held in Paris in March 2009
- The Secure Software Development Partnership (SSDP) Study Period, funded jointly by the UK government' TSB and the Centre for the Protection of National Infrastructure (CPNI) organisations, which ran in 2009–2010
- The Trustworthy Software Initiative (TSI—originally Software Security, Dependability and Resilience Initiative—SSDRI), a UK public good activity sponsored[6] by CPNI between 2011 and 2016