Measuring the Trustworthiness of Software
The definition of Trustworthiness and its constituent characteristics focuses on the behavior of a system in operation and whether people can trust that it will perform as expected and according to its requirements . Consequently , many of the measures of Trustworthiness evaluate the operational behavior of a system or collection of linked devices .
These measures are post-hoc in that they measure failures that have already occurred rather than the engineering weaknesses that caused these failures . This paper focuses on software measures that can be calculated during development and testing in order that weaknesses be corrected before linked devices are placed in operation .
Until recently there has been no widely accepted way to measure the Trustworthiness of software from the actual source code product prior to placing it in operation . This article will discuss how the Industry IoT Consortium ’ s ( IIC ) five Trustworthiness characteristics relate to the software quality model in the ISO 25000 series of standards .
It will discuss how ISO / IEC 5055:2021 ( hereafter referred to as ISO 5055 ) supplements the ISO 25000 series to provide measures that can be used to assess the Trustworthiness of a softwareintensive system at the level of the source code . It will show how detecting known weaknesses in the source code can be used to assess a software-intensive systems Trustworthiness prior to placing it into operation .
The IIC Trustworthiness Framework 1 decomposes trustworthiness into five characteristics ⎯Safety , Security , Reliability , Resilience , and Privacy . These are the characteristics that should be measured independently since each is affected by a different ensemble of weaknesses .
The IIC Trustworthiness characteristics are similar to several quality characteristics and subcharacteristics in the ISO / IEC 25010:2011 software and system product quality model 2 . The importance of this relation is that the ISO 25000 series of quality standards provides one basis for measuring IIC ’ s Trustworthiness characteristics .
The eight quality characteristics in ISO 25010 include Functional Suitability , Performance Efficiency , Compatibility , Usability , Reliability , Security , Maintainability , and Portability .
1
2
ISO / IEC 25010:2011 Systems and software engineering — Systems and software Quality Requirements and Evaluation ( SQuaRE ) — Product quality model . Geneva : International Organization for Standardization .
IIC Journal of Innovation 37