Posted on Tue 30 August 2016
In security nomenclature, “trusted system” or “trusted device” does not mean the ordinary usage. It does not mean “we think this system is trustworthy”.
It means “we have no choice but to trust this system”.
The two are not even remotely synonymous, and the difference has probably been literally fatal.
“Trustworthy” implies:
- reliability: it always works or clearly reports an error
- integrity: it does what it says it does
- authenticity: it is the thing you think it is
“Trusted” means that it is, in practice, the thing being relied on.
Many trusted systems appear to be trustworthy, but are not. In order to be trustworthy, a system needs to be tested and maintained.