Bugtraq mailing list archives
Trust Testing and Metrics
From: Pete Herzog <pete () isecom org>
Date: Mon, 23 Jun 2008 17:10:37 +0200
Hi, ISECOM has developed a Trust metric for testing and measuring trust as part of the OpenTC project sponsored by the EU. It will be integrated into future versions of the OSSTMM as specific tasks.An article about it is called, Making Sense of Trust, available here in the latest OpenTC newsletter:
http://www.opentc.net/publications/OpenTC_Newsletter_06.html We've uncovered some interesting things about testing and measuring trust so even if you aren't into trusted computing, it's worth a read. Excerpt: ------------------------------------------------------------------------ In the Hal Hartley movie Trust, the main characters determine that the properties of "?love"? are having admiration, respect and trust. Having determined quickly that they share the first two, they journey through the film trying to create trust so they can have love. Similarly, the Trusted Computing Group (TCG) is claiming to create trust so they can have security, a much less romantic goal but nevertheless an equally difficult journey. As the TCG writes, "?Trust as it applies to trusted computing is hardware and software behaves as expected" [1]. However, ask any person in a committed relationship and they will tell you that trust is certainly not about each other behaving as expected. For people, that definition would suggest a controlling or subjugating partner and those are terms that divorce lawyers use to explain how the relationship broke down. This highlights the huge gap that exists between what the TCG defines as trust for Trusted Computing and what the general public expects from the meaning of trust. ------------------------------------------------------------------------ Sincerely, -pete. Pete Herzog, Managing Director, ISECOM OPST, OPSA, OWSE, OPSE
Current thread:
- Trust Testing and Metrics Pete Herzog (Jun 23)