Posted on Tue 30 August 2016

trusted, not necessarily trustworthy

In security nomenclature, “trusted system” or “trusted device” does not mean the ordinary usage. It does not mean “we think this system is trustworthy”.

It means “we have no choice but to trust this system”.

The two are not even remotely synonymous, and the difference has probably been literally fatal.

Trustworthy” implies:

  • reliability: it always works or clearly reports an error
  • integrity: it does what it says it does
  • authenticity: it is the thing you think it is

Trusted” means that it is, in practice, the thing being relied on.

Many trusted systems appear to be trustworthy, but are not. In order to be trustworthy, a system needs to be tested and maintained.


© -dsr-. Send feedback or comments via email — by continuing to use this site you agree to certain terms and conditions.

Built using Pelican. Derived from the svbhack theme by Giulio Fidente on github.