When we talk about comparing the trustworthiness of two different pieces of software, we have
precious few metrics to ground this kind of discussion in reality. Some metrics like LoC (lines of code) seem attractive, but have little direct relationship to the trustworthiness of the software (at best they are a proxy for the number of expected vulnerabilities). On the other end of the spectrum, it is infeasible to undertake an exhaustive formal assurance process for every large, real-world piece of software, particularly in the presence of automated updates and program composition (e.g., Web 2.0 mashups). Trust Distribution Diagrams (TDDs) offer a visual language for understanding the amount and placement of trust relationships in a piece of software.
"Trust Distribution Diagrams: Theory and Applications"
. Michael E. Locasto, Steven J. Greenwald, and Sergey Bratus. Proceedings of the 4th
Layered Assurance Workshop (LAW 2010). December 2010. Austin, TX, USA
Guide to Drawing TDDs
TDDs are not (yet) a formal language, so drawing them is a bit more of a craft than
an exact science.
Here are a list of diagrams we have produced so far.
|| TDD Image
|| TDD Complexity