Trustworthiness, security, and privacy

Open source assessment often deals with security and privacy. Some academic works relate trustworthiness to security and privacy.

Hansen defines trustworthiness in relation to security and privacy [1]. More specifically, the paper argues that security and privacy can in principle be stated objectively, while trustworthiness depends strongly on the subjective experience and feelings of the user.

The trustworthiness gained through disclosure of the source code particularly affects privacy. While other qualities such as integrity or availability can be formulated as "do's" and validated to some degree by practical experience, privacy requirements are very often "don'ts". The main security goal of privacy is confidentiality, which is clearly a "don't": do not expose information. Such requirements, as well as formal proofs of "don'ts", can only be validated by disclosure of sources. This is a great advantage of FLOSS over closed source software.

Hasselbring and Reussner [2] aim to provide a holistic view of software trustworthiness in an interdisciplinary setting. They identify the following attributes that make up trustworthiness:

  • correctness: the absence of improper system states;
  • safety: the absence of catastrophic environmental consequences;
  • quality of service, which includes three attributes: availability, reliability, and performance;
  • security: the absence of unauthorized access to a system;
  • privacy: the absence of unauthorized disclosure of information.

 

References

  1. Hansen M., Köhntopp K., Pfitzmann A., "The Open Source Approach – Opportunities and Limitations with Respect to Security and Privacy". Computers & Security, vol. 21/5, pp. 461-471, 2002.

  2. Hasselbring W., Reussner R., "Toward Trustworthy Software Systems", US Army Research Laboratories Information Assurance Center, IEEE. 2006.

From this series

This article comes from the FLOSS Trustworthiness Series:
