The authors identify numerous questions surrounding the notion of trust relating to hardware and software upon which the world grows increasingly reliant, such as information and communications technology (ICT). They recognize that trust and risk are often context-specific, but argue for the usefulness of a more general “baselines for trustworthiness” to more effectively make risk-assessments across different domains. Some reasons they cite for why such a baseline has not yet been constructed include: lack of sufficient systems descriptions, lack of standardized metrics to make evidence-based analyses, and the “large amount of variables contributing to trust.” In an attempt to develop some general principles to “guide an overall assessment of trustworthiness in hardware and software,” the authors compiled an annotated bibliography of previously proposed criteria for trustworthiness.
