
Compliance

Compliance with Trustable means making a commitment to:

  1. Only make claims that you provide evidence for.
  2. Use evidence to measure the extent to which those claims are met.

The Trustable Methodology provides a flexible approach to building chains of Claims connecting Expectations to Evidence.

The Trustable Score provides a measurement of the degree to which your Expectations (and Assertions) are met, based on the quality of your Evidence and your argument.

Using the -trustable suffix

A release that meets conditions (1) and (2) above is considered to comply with Trustable. This should be indicated by appending the -trustable suffix to the release tag.

Note

Compliance with Trustable (or equivalently a release marked with -trustable) does not mean that the software can be trusted implicitly (that is, without question or reservation). Rather, it means that sufficient information about the software and its properties is provided to the user, to enable them to make an informed decision as to whether they can trust the software for their application.

Reference implementation of Trustable

We believe that our implementation of Trustable (following the Trustable Methodology and using the tooling we provide to produce a Trustable Report) is a systematic method for achieving Trustable Compliance. Therefore, consumers of this reference implementation of Trustable may interpret (1) and (2) as equivalent to the following:

  • The Trustable Methodology is applied to all claims made for their software.
  • trudag is used to store and track confidence in these claims.
  • A Trustable Report is included with the release:
    • The report is not meant to be checked in but should be provided with each release as a downstream consumable artefact.
    • Optionally, data can be shared with each release to allow reproduction of the generated report.

A release meeting these conditions may also use the -trustable suffix on its release tag.