From: Nobody [nobody@sc8-sf-web1.sourceforge.net] on behalf of SourceForge.net [noreply@sourceforge.net] Sent: Sunday, January 30, 2005 15:59 To: dennis.hamilton@acm.org Subject: SourceForge.net Project Registration: trost Follow Up Flag: Follow up Due By: Wednesday, February 02, 2005 22:00 Flag Status: Completed This is an automated message, containing the details you submitted in your project registration. Please keep this message in a safe place, for future reference. This message will have been sent whether or not your project registration was properly received by the SourceForge.net site (this is a feature to ensure you have a copy of your registration details). If you are submitting a new project registration, you should have been provided a page stating that the registration was properly received, including an ETA as to when the registration would be reviewed by SourceForge.net staff. If you are taking over an existing project, you should have been redirected to a Tracker browse view following the automated submission of your request to take over that project. If you received any error or warning messages, instead of one of the two aforementioned outcomes, chances are high that your registration was not properly received; please contact the SourceForge.net team if this is the case. Support requests may be submitted at: https://sourceforge.net/tracker/?func=add&group_id=1&atid=200001 Project Information ------------------- 1. Submitter: orcmid 2. Project UNIX Name: trost 3. Project Descriptive Name: TROST: Open-System Trustworthiness 4. License: Other custom license (OSD-compliant Open Source) License other: Academic Free License 2.1, BSD License, Creative Commons Attribution 2.0 5. Project Description: The TROST Project creates Templates for Raising Open-System Trustworthiness. The templates comprise a framework for demonstration and assertion of software trustworthiness by developers, with verification fully available to administrators and end-users. 6. Registration Description: The Project Aims: · To deliver a framework for development and maintenance of software with demonstrable trustworthiness · To demonstrate feasibility of the framework by applying it to delivery of open-source software for integration on desktop PCs · To have procedures and practices that end-users can apply to confirm the level of trustworthiness asserted for a program Project Sketch: Computer end-users find they must trust in the software that they use, having few means to directly appraise the steps taken to assure the trustworthiness of software that they employ. Although trust is a factor in the adoption of any software components for use, commercial adopters express concern about the authenticity, legality, and quality of software obtained from open-source distributions, especially when there is no distinct commercial organization that bears producer's risks and stands behind the software. TROST consists of a framework and procedures used to incorporate trustworthiness assurance in the development and delivery of open-system software. With TROST, adopters can confidently establish: · Whether the software distribution is authentic, and what that means · Whether the software is certified to be derived from the "official" public source code, and how that can be independently verified · Whether there are assessments of the security, reliability, and integrity of individual source code constituents, how authoritative those assessments are, and the availability of details for independent review · Whether the covered subject-matter of the open-source license has been asserted to be free of conflicting intellectual-property restrictions by its contributors · Whether a security threat model is defined for the software and how it can be reconciled in an overall threat model for the application in which the software is to be used · When modifications and even revocation of assessments come to light, and any remedies that are available for discovered deficiencies The framework also identifies available tools for use in verification and assessment-confirmation procedures. A key principle is having each installable component be linked with the latest certifications asserted for it, accounting for the dynamic nature of trustworthiness. Deliverables: TROST materials are delivered as on-line documentation in web pages, help files, and printable documents (Microsoft Word or Adobe Acrobat). The packaging of the software delivered in demonstration of the framework templates includes links to instructions for verifying the software and for locating all materials required to confirm the various certifications. There are on-line documents and help files that describe the certification and its limitations for each component of the delivered software. A worked case will be applied to delivery of a reference implementation for an ODMA integration. This will be a production-quality reference implementation delivered under the ActiveODMA project on SourceForge. Specific application of TROST principles to that reference implementation will be carried out as a focused proof-of-concept. Other cases, with suitable customization of the overall framework, are expected to be applied by other developers as dictated by their interests. [end] Status ------ Your request should be reviewed by SourceForge.net staff in the next two business days (9AM to 5PM, Monday through Friday). Response regarding your project (notice of rejection/approval) will be posted to your >My SourceForge.net Projects page (accessible via the My SF.net link at the top of each site page). No email notification will be provided about approval/rejection of your project. https://sourceforge.net/my/myprojects.php Should you have questions or concerns regarding the status of your project registration, please submit a Support Request at: https://sourceforge.net/tracker/?func=add&group_id=1&atid=200001 Thank you, SourceForge.net staff