David A. Wheeler's Blog

Sat, 06 May 2006

High Assurance (for Security or Safety) and Free-Libre / Open Source Software (FLOSS)

Recently I spoke at an Open Group conference and gave my presentation on Open Source Software and Software Assurance (Security). While there, someone asked a very interesting question: “What is the relationship between high assurance and open source software?” That’s a fair question, and although I gave a quick answer, I realized that a longer and more thoughtful answer was really needed.

So I’ve just posted a paper to answer the question: High Assurance (for Security or Safety) and Free-Libre / Open Source Software (FLOSS). For purposes of the paper, I define “high assurance software” as software where there’s an argument that could convince skeptical parties that the software will always perform or never perform certain key functions without fail. That means you have to show convincing evidence that there are absolutely no software defects that would interfere with the software’s key functions. Almost all software built today is not high assurance; developing high assurance software is currently a specialist’s field. But I think all software developers should know a little about high assurance. And it turns out there are lots of connections between high assurance and FLOSS.

The relationships between high assurance and FLOSS are interesting. Many tools for developing high assurance software are FLOSS, which I can show by examining the areas of software configuration management, testing, formal methods, analysis, implementation, and code generation. However, while high assurance components are rare, FLOSS high assurance components are even rarer. This is in contrast to medium assurance, where there are a vast number of FLOSS tools and FLOSS components, and the security record of FLOSS components is quite impressive. The paper then examines why this is the case. The most likely reason appears to be that decision-makers for high assurance components are not even considering the possibility of FLOSS-based approaches. The paper concludes that in the future, those who need high assurance components should consider FLOSS-based approaches as a possible strategy.

Anyway, it’s a thought piece; if you’re interested in making software that is REALLY reliable, I hope you’ll find it interesting.

Again, the paper is here: High Assurance (for Security or Safety) and Free-Libre / Open Source Software (FLOSS).