[trustable-software] Another straw man...

Colin Robbins Colin.Robbins at nexor.com
Tue Jul 4 13:50:14 UTC 2017 

Hello Paul,

I think the workflow is great for a traditional software development model. 
However, more recently I've been looking at trustable software in the contest of containers (Docker and the like).    Let's put aside whether containers are a trustable approach for the moment.

Within a Docker environment, as the developer I build my container (or set of containers) and put them in a registry.
The customer then decides if they like (and trust) my container, and download it for deployment.
As such, I think the model has two separated workflows...

( --C1--> indicating Check 1 on your slide set)

Scope --C1--> architecture --C2-->  development & integration --C3--> publication  -- C4A

Retrieval --C4B-->  validation --C4C-->  deployment  --C5

In this way I think the validation activity splits into subset.
C4A - evidence that what is published is what the developer intended
C4B - evidence that what is retrieved is what the developer intended
C4C - your original 4.

This may be making if overly complicated, but I think adds recognition of the supply chain into the model.

Does this help?

Colin Robbins
Nexor

Tel: +44 (0) 115 953 5541

-----Original Message-----
From: trustable-software 
[mailto:trustable-software-bounces at lists.trustable.io] On Behalf Of Paul 
Sherwood
Sent: 30 June 2017 17:20
To: trustable-software at lists.trustable.io
Subject: [trustable-software] Another straw man...

Hi all,
in the background we've been working with some folks at UCL ISRS
(https://www.ucl.ac.uk/isrs) and during discussions established that I'm so 
far failing to explain the message succinctly enough.

This led me to consider whether we could re-use an example from other 
industries, and inspired by Edmund's emphasis on audit, I came up with...

https://docs.google.com/presentation/d/1siWFqyZ3F8cFFTwbVSNpRz2Dg2KZOv8ryO1tizz_KjE/edit?usp=sharing

I'd be very interested in feedback/suggestions, either here on as comments 
directly in the document

br
Paul

[1] https://www.ucl.ac.uk/isrs
[2]
https://docs.google.com/presentation/d/1siWFqyZ3F8cFFTwbVSNpRz2Dg2KZOv8ryO1tizz_KjE/edit?usp=sharing


_______________________________________________
trustable-software mailing list
trustable-software at lists.trustable.io
https://lists.trustable.io/cgi-bin/mailman/listinfo/trustable-software

More information about the trustable-software mailing list