Industrial Internet Consortium
The Industrial Internet Consortium Announces Software Trustworthiness Best Practices Whitepaper
Guidance to ensure the safety, security, privacy, reliability and resilience of software for IIoT systems
NEEDHAM, MA – MARCH 25, 2020 – The Industrial Internet Consortium® (IIC™), the world’s leading organization transforming business and society by accelerating the adoption of the Industrial Internet of Things (IIoT), today announced the publication of the Software Trustworthiness Best Practices Whitepaper. Written for developers, owner-operators and decision makers, the whitepaper addresses various aspects of creating, acquiring and protecting software for IIoT systems. It also provides practical and actionable best practices for recognizing, addressing, managing and mitigating risks and their sources, and includes numerous use cases.
"You cannot talk about the trustworthiness of today's systems without an in-depth understanding of the trustworthiness of the software in these systems," says Mark Hermeling, one of the authors of the whitepaper and Senior Director of Product Marketing at GrammaTech, Inc. "This paper concisely lays out the topics to consider when reasoning about the trustworthiness of software, during the entire lifecycle of the system, from inception to disposal."
"Systems depend on software to function in potentially hostile environments that are inherently untrustworthy," says Simon Rix, one of the authors of the whitepaper, and Security Evangelist from Irdeto. "As a security practitioner, I like the practical nature of this whitepaper as it presents techniques and methodologies to ensure that software is protected and not a target of attacks, thereby enabling successful business objectives in hostile, untrustworthy environments."
“Software is an essential part of almost all modern systems,” said one of the authors of the whitepaper Frederick Hirsch from Fujitsu, and co-chair of the IIC Trustworthiness Task Group. “Ensuring that software is trustworthy is essential to assuring the trustworthiness of these systems, to make them appropriately secure, safe, reliable, resilient and privacy protecting.”
“The specific aspects of trustworthiness in a system depend on the system, the industry and the consequences of failure, ”said Marcellus Buchheit, one of the authors of the whitepaper, co-chair of the IIC Trustworthiness Task Group, President & CEO at Wibu-Systems USA Inc. and Co-Owner, Wibu-Systems AG. “Confidence is not only dependent on the quality of the software itself but also on an organization and its processes. If you want to convince others that your software should be trusted, you must be transparent, providing concrete evidence of best practices.”
"This new whitepaper addresses the critical and often mis-understood aspects of creating trustworthy systems," says Bob Martin, one of the authors of the whitepaper, co-chair of the IIC Trustworthiness Task Group, member of the IIC Steering Committee and Senior Principal Engineer from MITRE's Trust & Assurance Cyber Technologies Department. “It will help anyone who uses software and systems to create, buy, operate and maintain them in a trustworthy manner."
The whitepaper, Software Trustworthiness Best Practices, including a full list of members who contributed to it can be found on the IIC website here.
About Industrial Internet Consortium
The Industrial Internet Consortium is the world’s leading membership program transforming business and society by accelerating the Industrial Internet of Things (IIoT). The IIC delivers a trustworthy IIoT in which the world’s systems and devices are securely connected and controlled to deliver transformational outcomes. The Industrial Internet Consortium is a program of the Object Management Group (OMG). For more information visit www.iiconsortium.org.
Note to editors: Industrial Internet Consortium is a registered trademark of OMG. For a listing of all OMG trademarks, visit https://www.omg.org/legal/tm_list.htm. All other trademarks are the property of their respective owners.