Evidence-based trustworthiness of internet-based services through controlled software development

Abstract

Users of Internet-based services are increasingly concerned about the trustworthiness of these services (i.e., apps, software, platforms) thus slowing down their adoption. Therefore, successful software development processes have to address trust concerns from the very early stages of development using constructive and practical methods to enable the trustworthiness of software and services. Unfortunately, even well-established development methodologies do not specifically support the realization of trustworthy Internet-based services today, and trustworthiness-oriented practices do not take objective evidences into account. We propose to use controlled software life-cycle processes for trustworthy Internet-based services. Development, deployment and operations processes, can be controlled by the collection of trustworthiness evidences at different stages. This can be achieved by e.g., measuring the degree of trustworthiness-related properties of the software, and documenting these evidences using digital trustworthiness certificates. This way, other stakeholders are able to verify the trustworthiness properties in a later stages, e.g., in the deployment of software on a marketplace, or the operation of the service at run-time.