TrustOps: New Approach for Building Trustworthy Software Presented at EDOC 2024

At the EDOC 2024 conference, 10th – 13th September 2024, Vienna, researchers Eduardo Brito, Cybernetica, and Fernando Jesús Castillo Arce, Technical University Berlin, presented their groundbreaking paper titled “TrustOps: Continuously Building Trustworthy Software”. The presentation took place as part of the IT & Software Architecture track at the Business Informatics Week 2024.

Software services play a crucial role in daily life, with automated actions determining access to resources and information. Trusting service providers to perform these actions fairly and accurately is essential, yet challenging for users to verify.  Even with publicly available codebases, the rapid pace of development and the complexity of modern deployments hinder the understanding and evaluation of service actions, including for experts. Hence, current trust models rely heavily on the assumption that service providers follow best practices and adhere to laws and regulations, which is increasingly impractical and risky, leading to undetected flaws and data leaks.

 TrustOps proposes a transformative approach to enhancing software trustworthiness by continuously collecting verifiable evidence throughout the entire software life cycle. This method addresses growing concerns around the reliability of software services, which increasingly influence access to critical resources and information in daily life.

Despite the transparency offered by open-source codebases, the complexity of modern software deployments and the speed of development make it difficult for even experts to assess whether services behave as expected. Current trust models largely depend on assumptions—that providers follow best practices and legal regulations—leaving room for undetected flaws and potential data leaks.

To combat this, the authors advocate for a new trust paradigm rooted in verifiability rather than assumption. TrustOps leverages existing tools and trust-enhancing technologies to gather concrete evidence during development, deployment, and operation stages.The paper also outlines the core principles of the TrustOps approach and provides a research roadmap for further exploration and adoption. As trust in digital services becomes ever more critical, TrustOps marks a significant step toward transparent and accountable software ecosystems.