[trustable-software] Where does Trustable Sit ?
trustable at panic.fluff.org
Thu Jun 21 09:58:49 BST 2018
I've been thinking about where 'Trustable' sits in terms of comparable
standards and outcomes.
For example, is it
* a process and operating standard, such as ITIL or ISO20000
* a coding standard like OWASP and CERT secure coding standards
* a risk reduction standard like IEC61508 or ISO27000
* an evidence production standard like ISA500 or SIL
'Trustable' has never been about language or technology specific choices,
and so it doesn't really fit with say CERT or MISRA Standards.
Certainly for 'Trustable' the discussions around evidence and consistency
of evidence seems to point to something like ISA500 or SIL.
However, there are evidence requirements associated with ITIL and COBIT
frameworks for example. It could be argued that from ITIL and COBIT
you get to make the evidence up to demonstrate you're doing the right
thing. This may be true for SIL and ISA500 as well but I've not worked
with them enough to be entirely sure....
Also for 'Trustable' we are defining a series of expected behaviours
just as MISRA does with their compilers or ITIL does with Change Requests.
Yet again this week, I've been involved with a project where the
behaviours which I would take as self-evident around version control and
validation turn out to be beyond the capabilities of yet another
international organisation of reasonable size and software background.
Certainly in the Hypothesis which began these discussions
https://gitlab.com/trustable/overview/wikis/hypothesis-for-software-to-be-trustable
We were clear that particular actions had to occur, like ITIL, and we
declared that particular evidence should be visible.
So does trustable sit in the space like ITIL defining behaviour, like
ISA500 defining what evidence is required and like ISA700 or the Police
and Criminal Evidence Act in the UK specifying how evidence is collected
and used to form an opinion ?
Have we missed something in our definitions about how the evidence is to
be judged ?
Edmund
--
========================================================================
Edmund J. Sutcliffe Thoughtful Solutions; Creatively
<edmunds at panic.fluff.org> Implemented and Communicated
<http://panic.fluff.org> +44 (0) 7976 938841