This presentation shows the results of my PhD thesis.
Modern society depends on large-scale software systems of astonishing complexity. Because the consequences of their possible failure are so high, it is vital that software systems exhibit trustworthy behavior.
Trustworthiness is a major issue when people and organizations are faced with the selection and the adoption of new software. Although some ad-hoc methods have been proposed (see for instance OpenBQR, OpenBRR and QSOS), there is not yet general agreement about the software characteristics contributing to its trustworthiness.
Therefore, this work focuses on defining an adequate notion of trustworthiness of Open Source Software products and artifacts and on identifying a number of factors that influence it. The goal is to provide both developers and users with an instrument that guides them when deciding whether a given program (or library or other piece of software) is “good enough” and can be trusted for use in an industrial or professional context.
More details on www.taibi.it
Defining an Open Source Software Trustworthiness Model
1. Davide Taibi, Università degli Studi dell’Insubria. Defining an Open Source Software Trustworthiness Model. Advisor: Prof. Sandro Morasca. Reviewer: Prof. Alberto Sillitti
29. Experimentation: Correlations between measures (15-09-2010)
Objective var | Objective var | Outcome
Size (total eLOC) | Total num. methods | (log-log)
Size (total eLOC) | Total num. classes | (log-log)
Size (total eLOC) | Total num. classes & methods |
Total num. methods | Total num. classes | (linear)
On the web there are many slightly different definitions of trustworthiness and of trustworthy-related concepts, such as the trustworthy computing concept. We present here just the definitions most relevant and similar to our own understanding of the concept of the trustworthy element that is used inside this research. Some of the definitions found on the web are the following:
Merriam-Webster's online dictionary defines the concept trustworthy as something being worthy of confidence; dependable: "a trustworthy guide", "trustworthy information".
Other definitions found on the web are:
worthy of trust or belief; "a trustworthy report"; "an experienced and trustworthy travelling companion" (wordnet.princeton.edu)
taking responsibility for one's conduct and obligations; "trustworthy public servants" (wordnet.princeton.edu)
The National Security Agency (NSA) defines a trusted system or component as one "whose failure can break the security policy", and a trustworthy system or component as one "that will not fail". (Wikipedia)
The Committee on Information Systems Trustworthiness' publication, Trust in Cyberspace, defines a Trustworthy computing system as one which: does what people expect it to do - and not something else - despite environmental disruption, human user and operator errors, and attacks by hostile parties. Design and implementation errors must be avoided, eliminated or somehow tolerated. It is not sufficient to address only some of these dimensions, nor is it sufficient simply to assemble components that are themselves trustworthy. Trustworthiness is holistic and multidimensional. (Wikipedia)
Our definition of trustworthiness and of the trustworthy element is closer to the WordNet definition, since it depends on the personal beliefs or generic trust that people, users of FLOSS systems and all the stakeholders share about a specific software product. We adopted the term element for describing all the components and aspects influencing the development and functioning of a software system.
Therefore we define the trustworthy element, in the scope of the research done on the FLOSS development process inside the Qualipso project, as a specific component or aspect of a software product that influences the belief and trust of the stakeholders in the overall quality of the software product.
The model will use:
a number of trustworthiness factors as independent variables;
an assessment of trustworthiness by practitioners and users as dependent variables.