[trustable-software] Where does Trustable Sit ?

trustable at panic.fluff.org trustable at panic.fluff.org
Thu Jun 21 09:58:49 BST 2018 

I've been thinking about where 'Trustable' sits in terms of comparible 
standards and outcomes.

For example, is it
  * a process and operationg standard, such as ITIL or ISO20000
  * a coding standard like OWASP and CERT secure coding standards
  * a risk reduction standard like IEC61508 or ISO27000
  * an evidence production standard like ISA500 or SIL

'Trustable' has never been about language or technology specific choices, 
and so it doesn't really fit with say CERT or MISRA Standards

Certainly for 'Trustable' the discussions around evidence and consistency 
of evidence seems to point to something like ISA500 or SIL.

However, there are evidence requirements associated with ITIL and COBIT 
frameworks for example. It could be argued that the from ITIL and COBIT 
you get to make the evidence up to demonstrate you're doing the right 
thing. This may be true for SIL and ISA500 as well but I've not worked 
with them enough to be entirely sure....

Also for 'Trustable' we are defining a series of expected behaviours
just as MISRA does with their compilers or ITIL does with Change Requests.

Yet again this week, I've been involved with a project where the 
behaviours which I would take self evident around version control and 
validation turn out to be beyond the capabilities of yet another 
international organisations of reasonable size and software background.

Certainly in the Hypothesis which began these discussions

https://gitlab.com/trustable/overview/wikis/hypothesis-for-software-to-be-trustable

We were clear that particular actions had to occur, like ITIL, and we 
declared that particularly evidence should be visible.

So does trustable sit in the space like ITIL defining behaviour, like 
ISA500 defining what evidence is required and like ISA700 or the Police 
and Criminal Evidence Act in the UK specifying how evidence is collected 
and used to form an opinion ?

Have we missed something in our definitions about how the evidence is to 
be judged ?

Edmund

  -- 
========================================================================
Edmund J. Sutcliffe                     Thoughtful Solutions; Creatively
<edmunds at panic.fluff.org>               Implemented and Communicated
<http://panic.fluff.org>                +44 (0) 7976 938841

More information about the trustable-software mailing list