lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 23 Jun 2008 17:10:37 +0200
From: Pete Herzog <pete@...com.org>
To: bugtraq@...urityfocus.com
Subject: Trust Testing and Metrics

Hi,

ISECOM has developed a Trust metric for testing and measuring trust as part
of the OpenTC project sponsored by the EU.  It will be integrated into
future versions of the OSSTMM as specific tasks.

An article about it is called, Making Sense of Trust, available here in the 
latest OpenTC newsletter:

http://www.opentc.net/publications/OpenTC_Newsletter_06.html

We've uncovered some interesting things about testing and measuring trust
so even if you aren't into trusted computing, it's worth a read.

Excerpt:

------------------------------------------------------------------------
In the Hal Hartley movie Trust, the main characters determine that the
properties of "?love"? are having admiration, respect and trust. Having
determined quickly that they share the first two, they journey through the
film trying to create trust so they can have love. Similarly, the Trusted
Computing Group (TCG) is claiming to create trust so they can have
security, a much less romantic goal but nevertheless an equally difficult
journey.

As the TCG writes, "?Trust as it applies to trusted computing is hardware
and software behaves as expected" [1]. However, ask any person in a
committed relationship and they will tell you that trust is certainly not
about each other behaving as expected. For people, that definition would
suggest a controlling or subjugating partner and those are terms that
divorce lawyers use to explain how the relationship broke down. This
highlights the huge gap that exists between what the TCG defines as trust
for Trusted Computing and what the general public expects from the meaning
of trust.
------------------------------------------------------------------------

Sincerely,
-pete.

Pete Herzog, Managing Director, ISECOM
OPST, OPSA, OWSE, OPSE



Powered by blists - more mailing lists