Home page logo
/

pen-test logo Penetration Testing mailing list archives

Trust Testing and Metrics
From: Pete Herzog <lists () isecom org>
Date: Fri, 20 Jun 2008 16:16:21 +0200

Hi,

ISECOM has developed a Trust metric for testing and measuring trust as part of the OpenTC project sponsored by the EU. It will be integrated into future versions of the OSSTMM as specific tasks.

An article about it is called, Making Sense of Trust, available here:

http://www.opentc.net/publications/OpenTC_Newsletter_06.html

We've uncovered some interesting things about testing and measuring trust so even if you aren't into trusted computing, it's worth a read.

Excerpt:

------------------------------------------------------------------------
In the Hal Hartley movie Trust, the main characters determine that the
properties of "?love"? are having admiration, respect and trust. Having
determined quickly that they share the first two, they journey through the
film trying to create trust so they can have love. Similarly, the Trusted
Computing Group (TCG) is claiming to create trust so they can have
security, a much less romantic goal but nevertheless an equally difficult
journey.

As the TCG writes, "?Trust as it applies to trusted computing is hardware
and software behaves as expected" [1]. However, ask any person in a
committed relationship and they will tell you that trust is certainly not
about each other behaving as expected. For people, that definition would
suggest a controlling or subjugating partner and those are terms that
divorce lawyers use to explain how the relationship broke down. This
highlights the huge gap that exists between what the TCG defines as trust
for Trusted Computing and what the general public expects from the meaning
of trust.
------------------------------------------------------------------------

Sincerely,
-pete.

Pete Herzog, Managing Director, ISECOM
OPST, OPSA, OWSE, OPSE



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • Trust Testing and Metrics Pete Herzog (Jun 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]