The Trustworthy Software Framework (TSFr) is a collation of good practice, existing guidance and relevant standards across the five main facets of trustworthiness: Safety; Reliability; Availability; Resilience; and Security.
The purpose of the TSFr is to provide a minimum set of controls such that, when applied, all software (irrespective of implementation constraints) can be specified, realised and used in a trustworthy manner.
The TSF has been established, and will continue to evolve, as a means for anyone to quickly find the information and advice they need to build, procure or work with Trustworthy Software."
The TSF considers trustworthiness as comprising of 5 facets:
Safety: The ability of the software to operate without causing harm to anything or anyone.
Reliability: The ability of the software to operate correctly.
Availability: The ability of the software to operate when required.
Resilience: The ability of the software to recover from errors quickly and completely.
Security: The ability of the software to remain protected against the hazards posed by malware, hackers or accidental misuse.
The TSF recognises that software only requires a level of trustworthiness commensurate to the purpose for which it is used and therefore advocates a risk-based approach to determine the Trustworthiness Level (TL) of the software (based upon the role of the software in the system/ service and the maximum impact that a defect/deviation would have on the system/service).
The TSFr was formalised through the British Standards Institution as PAS754:2014 as a specification for software trustworthiness with the intention that it be used either as a stand-alone document or as a companion/complement to other relevant standards.
Trustworthy Software Essentials (TSE) was established as a subset of the comprehensive set of controls listed in the TSFr, providing a baseline set of controls organised under the mnemonic SCUDA (Scope for Use, Coding Practices, Use Tools Effectively, Defect Management and Artefact Management).