The TSF considers trustworthiness as comprising of 5 facets:
Safety: The ability of the software to operate without causing harm to anything or anyone.
Reliability: The ability of the software to operate correctly.
Availability: The ability of the software to operate when required.
Resilience: The ability of the software to recover from errors quickly and completely.
Security: The ability of the software to remain protected against the hazards posed by malware, hackers or accidental misuse.
The TSF recognises that software only requires a level of trustworthiness commensurate to the purpose for which it is used and therefore advocates a risk-based approach to determine the Trustworthiness Level (TL) of the software (based upon the role of the software in the system/ service and the maximum impact that a defect/deviation would have on the system/service).
The TSFr was formalised through the British Standards Institution as PAS754:2014 as a specification for software trustworthiness with the intention that it be used either as a stand-alone document or as a companion/complement to other relevant standards.
Trustworthy Software Essentials (TSE) was established as a subset of the comprehensive set of controls listed in the TSFr, providing a baseline set of controls organised under the mnemonic SCUDA (Scope for Use, Coding Practices, Use Tools Effectively, Defect Management and Artefact Management).