Thoughts on Software Trustworthiness Best Practices

Software is the invisible fabric that enables the world to interact, transact, and function. Software is at the heart of an amazing and bewildering explosion of functionality: from running your washing machine, to pumping your water, flying aeroplanes, spotting cancer, or allowing us to simply connect in a wireless manner from almost anywhere.

Clearly, our digital workplace and private lives rely on having a high degree of trustworthiness in the software. We simply expect that our tools and application suites will consistently deliver, in all environments, the results we rely on for success.

But have you ever given any thought to what makes software trustworthy, and to how to achieve what seems so hard in practice?

As a member of the Industrial Internet Consortium (IIC), Irdeto has collaborated with other industry leaders to create the “Software Trustworthiness Best Practices” paper that provides practical guidance to time-pressured Product Managers, Product Owners, software architects, developers, and management. Chief Product Security Officers and other security practitioners will also derive value from the whitepaper’s broad perspective.

This paper is applicable to a great range of market verticals outside of the Industrial space. For example, the parallels between the Industrial and the Health sectors are striking, as both struggle with many legacy devices that were not designed to be connected or to resist the threats they now encounter.

The collision of ‘Operational Technology’ with ‘Information Technology’ is discussed in the paper. Here is a preview of some other aspects of what you can expect to read about:

• It is important to create an environment that clearly mandates trustworthiness as an essential element of corporate culture, and as senior leaders you must act this out in practice.
• Focus on the complete lifecycle of software, which is much wider than the development cycle itself. We suggest that in practice we are inclined to rush early interactions between business and technology, which leads to the resultant software product not fulfilling the desired business outcomes. The paper proposes a practical and actionable software lifecycle to help achieve the expected, trustworthy outcomes.
• Creating software that is not the source of an attack takes hard work and dedication. The paper gives an overview of software attestation techniques that can be used to help you create world-class software.
• Software often executes in untrustworthy environments. Successful software rapidly becomes the target of various attacks as adversaries seek to benefit from functional alterations. Software protection techniques make it difficult for attackers to understand software functionality and to implement meaningful changes that themselves function reliably. Software Protection enables the solution to continue providing the expected outcomes even when under attack. In practice, the level of protection realized is enhanced by planning software protection in from the start, as it changes the design and structure of the software solution.
• An overview of the operational environment required for a trustworthy outcome.
• Ops with a focus on test automation to validate functional modifications before and after the application of software protection.

At Irdeto, we think continuously about security and have a wide range of experience in hardware and software security technology and techniques in various market verticals.

We are active in all aspects of Software Protection. We have successfully supplied Whitebox Cryptographic technology in many systems worldwide and it forms the core of our cardless content protection solutions, with our overall security solutions protecting billions of devices all over the world in the video entertainment segment.

We would love to be a part of helping you achieve trustworthy outcomes in an untrustworthy, software-driven world. To learn more, visit our website at https://www.irdeto.com/cloakware-software-protection.