Trustworthy Software Foundation

Last updated

The Trustworthy Software Foundation
Founded2016
TypeNot For Profit Foundation
FocusSoftware Development
Location
  • London, United Kingdom
OriginsTrustworthy Software Initiative (TSI)
Area served
Worldwide
MethodStandards and their Verification
Key people
Alastair Revell (Chairman)
Website www.tsfdn.org

The Trustworthy Software Foundation (TSFdn) [1] is a UK not-for-profit organisation, with stated aim of improving software.[ citation needed ]

Contents

History

TSFdn evolved from a number of previous activities:

Objectives

TSFdn primarily aims to provide a living backbone for signposting to diverse but often obscure sources of Good Practice, with a secondary objective to address other aspects of the 2009 Trustworthy Software Roadmap. [3]

Trustworthiness

TSI considers that there are five facets of trustworthiness:

This definition of trustworthiness is an extension of a widely used definition of dependability, [4] adding as a 5th Facet of Resilience based on the UK Government approach. [5]

Governance and Operation

TSFdn operates as a not-for-profit Company Limited by Guarantee, jointly owned by the subscriber organisations – UK professional bodies. [6]

It is based at the Cyber Security Centre of the University of Warwick, and is formally linked to a cross section of stakeholders through the Advisory Committee on Trustworthy Software (ACTS).

The Technical Lead remains Ian Bryant, the Technical Director of the predecessor TSI, and the Chair of the ACTS is Sir Edmund Burton KBE, [7] who was the President of the predecessor TSI.

Activities

Related Research Articles

<span class="mw-page-title-main">Security</span> Degree of resistance to, or protection from, harm

Security is protection from, or resilience against, potential harm. Beneficiaries of security may be persons and social groups, objects and institutions, ecosystems, or any other entity or phenomenon vulnerable to unwanted change.

In systems engineering, dependability is a measure of a system's availability, reliability, maintainability, and in some cases, other characteristics such as durability, safety and security. In real-time computing, dependability is the ability to provide services that can be trusted within a time-period. The service guarantees must hold even when the system is subject to attacks or natural failures.

Secure by design, in software engineering, means that software products and capabilities have been designed to be foundationally secure.

Software assurance (SwA) is a critical process in software development that ensures the reliability, safety, and security of software products. It involves a variety of activities, including requirements analysis, design reviews, code inspections, testing, and formal verification. One crucial component of software assurance is secure coding practices, which follow industry-accepted standards and best practices, such as those outlined by the Software Engineering Institute (SEI) in their CERT Secure Coding Standards (SCS).

Information security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access and control system attacks. While cybersecurity regulations aim to minimize cyber risks and enhance protection, the uncertainty arising from frequent changes or new regulations can significantly impact organizational response strategies.

The Information Trust Institute (ITI) was founded in 2004 as an interdisciplinary unit designed to approach information security research from a systems perspective. It examines information security by looking at what makes machines, applications, and users trustworthy. Its mission is to create computer systems, software, and networks that society can depend on to be trustworthy, meaning secure, dependable, correct, safe, private, and survivable. ITI's stated goal is to create a new paradigm for designing trustworthy systems from the ground up and validating systems that are intended to be trustworthy.

<span class="mw-page-title-main">National Protective Security Authority</span>

The National Protective Security Authority (NPSA), formerly the Centre for the Protection of National Infrastructure (CPNI), is the national technical authority in the United Kingdom for physical and personnel protective security, maintaining expertise in counter terrorism as well as state threats.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

A resilient control system is one that maintains state awareness and an accepted level of operational normalcy in response to disturbances, including threats of an unexpected and malicious nature".

Lieutenant-General Sir Edmund Fortescue Gerard Burton KBE is a former British Army officer who became Deputy Chief of the Defence Staff (Systems).

<span class="mw-page-title-main">Nexor</span>

Nexor Limited is a privately held company based in Nottingham, providing products and services to safeguard government, defence and critical national infrastructure computer systems. It was originally known as X-Tel Services Limited.

<span class="mw-page-title-main">DHS Cyber Security Division</span>

The Cyber Security Division (CSD) is a division of the Science and Technology Directorate (S&T Directorate) of the United States Department of Homeland Security (DHS). Within the Homeland Security Advanced Research Projects Agency, CSD develops technologies to enhance the security and resilience of the United States' critical information infrastructure from acts of terrorism. S&T supports DHS component operational and critical infrastructure protections, including the finance, energy, and public utility sectors, as well as the first responder community.

The United Kingdom has a diverse cyber security community, interconnected in a complex network.

The Indian Computer Emergency Response Team is an office within the Ministry of Electronics and Information Technology of the Government of India. It is the nodal agency to deal with cyber security incidents. It strengthens security-related defence of the Indian Internet domain.

The Institution of Analysts and Programmers is a professional body that represents those working in Systems Analysis, Design, Programming and implementation of computer systems both in the United Kingdom and internationally. Established in 1972 it has supported system developers across the world.

BS PAS 754:2014 is a British Standards Institution (BSI) software Publicly Available Specification, published in May 2014. BS PAS 754:2014 was withdrawn following the publication of BS 10754-1:2018 in February 2018.

<span class="mw-page-title-main">Ian Bryant (academic)</span> British computer scientist

Ian Bryant is a British academic, engaged in promoting Trustworthy Software and Systems, and in Standardisation.

The National Cyber Security Centre (NCSC) is an organisation of the United Kingdom Government that provides advice and support for the public and private sector in how to avoid computer security threats. It is the UK's National technical authority for cyber threats and Information Assurance Based in London, it became operational in October 2016, and its parent organisation is GCHQ.

Cyber resilience refers to an entity's ability to continuously deliver the intended outcome, despite cyber attacks. Resilience to cyber attacks is essential to IT systems, critical infrastructure, business processes, organizations, societies, and nation-states. A related term is cyberworthiness, which is an assessment of the resilience of a system from cyber attacks. It can be applied to a range of software and hardware elements.

References

  1. Trustworthy Software Foundation, retrieved 2017-04-20
  2. Protecting and promoting the UK in a digital world: 2 years on – Government Press Release, retrieved 12 December 2013
  3. About TSFdn, retrieved 2017-04-20
  4. "Software Engineering", I Sommerville, (9th Edition Feb 2010), ISBN   978-0137053469
  5. CPNI: Security Minded Approach, retrieved 2017-04-20
  6. About TSFdn, retrieved 2017-04-20
  7. About TSFdn, retrieved 2017-04-20