Project Overview: Trustable Software
TL; DR We are aiming to identify|provoke|create viable methods|processes|tools for high-integrity|secure/safety-critical|deterministic software engineering.
This project is exploring the problems of Trust and Compliance in software, particularly with regards to software engineering which is expected to be Safety Critical, High Integrity, Mission Critical, Secure, Deterministic.
Trust: Software has become pervasive and now underpins many critical services and functions for society. Our reliance on software puts people in the position of needing to trust it, and increasingly there are situations where this trust is not justified. Our aim in this project is to demonstrate what trust for software means in practice, and to provide example implementations including evidence to allow others to consider whether or not the examples are trustable.
Compliance: From a simplified viewpoint: verification against Compliance requirements, as we know it, does not work. The process is overly bureaucratic and subjective - there is no formal, objective method of guaranteeing that a piece of software will do what it claims it will do, and nothing more or less.
The volume and complexity of code in the software used in Safety Critical Engineering is rising fast, and we believe that automated processes for formal verification of Compliance are required to mitigate against the costs and risks involved. As far as we can tell there appears to be little applicable work on this available in the public domain.
As a initial objective, we are aiming to complete some research into some of the existing technologies in this field, so that we can create something in the way of a 'toy' or minimal framework for the creation of Trustable Software, providing a traceable link from requirements to tests, to code. We intend for this to be used, reviewed and critiqued by the wider community, and then built upon.
At a very high level, we are working on the following principles:
- Using a tool to perform compliance validation is more objective, reliable, cheaper and ultimately more trustable than an industry of people performing compliance validation.
- Working transparently and having discussions in the open whilst engaging the wider community is better than working behind closed doors.
- Hypothesis for software to be trustable
- A Method for Trustable Software
- Behaviour Driven Development - Overview and some specific tools
- Overview of OpenControl
- Report on the schemas for OpenControl and Mustard
- YAML, JSON, Schemas and Validation
- Example: using the Compliance Masonry tool
- Git Branch Merging Control
- Investigation into Doors
- Trustable Software Workflow
- Mailing list - https://lists.trustable.io/cgi-bin/mailman/listinfo/trustable-software
- IRC - #trustable on Freenode(irc.freenode.net) - [Logs]