|
|
A new paper discusses the relationship between high assurance software (for security or safety) and free-libre / open source software (FLOSS). High assurance software must NEVER fail. Many tools for developing high assurance software are FLOSS, it turns out...
|
|
Sometimes software has be "high assurance" to meet safety or security requirements (say, if it's controlling an airplane). This is software where you can convince skeptical parties that the software will always or never perform certain key functions, without fail -- in other words, that there are absolutely no software defects that would interfere with the software’s key functions.
A new paper discusses some relationships between high assurance software (for security or safety) and free-libre / open source software (FLOSS). In particular, it shows that many tools for developing high assurance software are FLOSS by examining the areas of software configuration management, testing, formal methods, analysis implementation, and code generation. However, while high assurance components are rare, FLOSS high assurance components are even rarer. This is in contrast to medium assurance, where there are a vast number of FLOSS tools and FLOSS components, and the security record of FLOSS components is quite impressive. The paper then examines why this is the circumstance. The most likely reason for this appears to be that decision-makers for high assurance components are not even considering the possibility of FLOSS-based approaches. The paper concludes that in the future, those who need high assurance components should consider FLOSS-based approaches as a possible strategy.
High Assurance (for Security or Safety) and Free-Libre / Open Source Software (FLOSS)
Full Story |
