[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Trust Testing and Metrics


ISECOM has developed a Trust metric for testing and measuring trust as part
of the OpenTC project sponsored by the EU.  It will be integrated into
future versions of the OSSTMM as specific tasks.

An article about it is called, Making Sense of Trust, available here in the latest OpenTC newsletter:


We've uncovered some interesting things about testing and measuring trust
so even if you aren't into trusted computing, it's worth a read.


In the Hal Hartley movie Trust, the main characters determine that the
properties of "?love"? are having admiration, respect and trust. Having
determined quickly that they share the first two, they journey through the
film trying to create trust so they can have love. Similarly, the Trusted
Computing Group (TCG) is claiming to create trust so they can have
security, a much less romantic goal but nevertheless an equally difficult

As the TCG writes, "?Trust as it applies to trusted computing is hardware
and software behaves as expected" [1]. However, ask any person in a
committed relationship and they will tell you that trust is certainly not
about each other behaving as expected. For people, that definition would
suggest a controlling or subjugating partner and those are terms that
divorce lawyers use to explain how the relationship broke down. This
highlights the huge gap that exists between what the TCG defines as trust
for Trusted Computing and what the general public expects from the meaning
of trust.


Pete Herzog, Managing Director, ISECOM