[trustable-software] Is 'safe + secure' equivalent to 'trustable', or a subset?

Paul Sherwood paul.sherwood at codethink.co.uk
Thu Nov 24 09:06:56 UTC 2016


Robert,
my first shot at a possible rule for 'trustable' which is not in 
'security' or 'safety', after a little discussion on IRC [1] is to 
mandate that the originator of any code must be identifiable, e.g. by 
requiring use of version control and signed commits.

This is not C-specific of course, nor is it strictly related to the code 
itself or to the programming of it, which may render it inapplicable (or 
irrelevant) in your view - what do you think?

br
Paul

[1] 
https://irclogs.baserock.org/trustable/%23trustable.2016-11-23.log.html#t2016-11-23T14:49:32

On 2016-11-23 14:06, Paul Sherwood wrote:
> Hi all,
> I've been trying to persuade Robert Seacord that the new C standard
> could be called 'trustable', rather than 'safe and secure', with the
> possibility that trustable includes other rules in addition to safety
> and security.
> 
> He's asked if I can come up with any example of a potential rule that
> would be applicable for trustable, but not required for safe, or for
> secure.
> 
> I've been too busy to think deeply on this so far - I wonder if others
> have ideas?
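One way to turn the rule proposed above (every commit must have an identifiable originator) into an automated check. This is an added example, not Paul's code and not part of the trustable-software project: it parses the signature status letters that `git log --format` emits for the `%G?` placeholder and reports every commit a reviewer could not tie to a signer. The sample log, the fingerprints, the people named in it and the optional allow-list of trusted fingerprints are all constructed for illustration; `commits_from_repo` is the hook into a real repository and assumes `git` is installed and the signers' public keys are in the local gpg keyring.

```python
"""Flag commits in a range whose signature does not identify an originator."""
from __future__ import annotations

import subprocess
from dataclasses import dataclass

# Meaning of git's %G? signature status letters, as documented in git-log(1).
STATUS = {
    "G": "good signature",
    "U": "good signature, key of unknown validity",
    "X": "good signature, but signature expired",
    "Y": "good signature, but signing key expired",
    "R": "good signature, but signing key revoked",
    "B": "bad signature",
    "E": "signature cannot be checked (key missing?)",
    "N": "no signature",
}

# Format handed to git: hash, status letter, key fingerprint, signer, author (tab-separated).
LOG_FORMAT = "%H%x09%G?%x09%GF%x09%GS%x09%an"

# Hypothetical fingerprints used only by the constructed sample below.
ALICE_FPR = "AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555"
CAROL_FPR = "FFFF6666AAAA7777BBBB8888CCCC9999DDDD0000"

# Constructed sample of `git log --format=LOG_FORMAT` output (not from any
# real repository): one commit per status worth handling.
SAMPLE_LOG = "\n".join("\t".join(row) for row in [
    ("1" * 40, "G", ALICE_FPR, "Alice Example <alice@example.org>", "Alice Example"),
    ("2" * 40, "N", "", "", "Bob Example"),
    ("3" * 40, "U", CAROL_FPR, "Carol Example <carol@example.org>", "Carol Example"),
    ("4" * 40, "B", ALICE_FPR, "Alice Example <alice@example.org>", "Alice Example"),
    ("5" * 40, "E", "", "", "Dave Example"),
]) + "\n"


@dataclass
class Commit:
    sha: str
    status: str
    fingerprint: str
    signer: str
    author: str


def parse_git_log(text: str) -> list[Commit]:
    """Parse tab-separated lines produced with LOG_FORMAT."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        parts += [""] * (5 - len(parts))  # unsigned commits leave %GF/%GS empty
        sha, status, fingerprint, signer, author = parts[:5]
        commits.append(Commit(sha, status, fingerprint, signer, author))
    return commits


def check_policy(commits: list[Commit], trusted_fingerprints=None):
    """Return (sha, reason) for every commit that violates the rule.

    Without an allow-list only a "G" status passes.  With an allow-list of
    key fingerprints, "G" and "U" pass if the signing key is on it (trust
    comes from the list, not from gpg's web of trust).  Expired, revoked,
    bad, missing or uncheckable signatures always fail: none of them lets
    a reviewer name the originator.
    """
    allow = None if trusted_fingerprints is None else {f.upper() for f in trusted_fingerprints}
    violations = []
    for c in commits:
        desc = STATUS.get(c.status, f"unknown status {c.status!r}")
        if c.status == "G" and allow is None:
            continue
        if c.status in ("G", "U") and allow is not None:
            if c.fingerprint.upper() in allow:
                continue
            violations.append((c.sha, f"{desc}, but key {c.fingerprint or '?'} is not on the allow-list"))
            continue
        violations.append((c.sha, desc))
    return violations


def commits_from_repo(rev_range: str = "HEAD", repo: str = ".") -> list[Commit]:
    """Run git log in a real repository (assumes git and a populated gpg keyring)."""
    out = subprocess.run(
        ["git", "-C", repo, "log", f"--format={LOG_FORMAT}", rev_range],
        check=True, capture_output=True, text=True,
    ).stdout
    return parse_git_log(out)


if __name__ == "__main__":
    for sha, reason in check_policy(parse_git_log(SAMPLE_LOG), [ALICE_FPR, CAROL_FPR]):
        print(f"{sha[:12]}  REJECT  {reason}")
```

Two caveats a practitioner should keep in mind. The `%an` author field is whatever the committer typed into their git config, so only the signature, verified against a key you already trust, actually binds a commit to a person; that is why the check keys on the fingerprint rather than the name. And `%G?` reflects the keyring of the machine running the check: a signer whose key you have never imported shows up as "E", which the policy above treats as a failure rather than silently waving through.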


