The user should be able to trust an expert opinion – think about CE marking and the information it delivers in a easily perceptible way: “If it is there, and not a counterfeit, the odds of this device exploding are fairly scarce”, or the peace of mind gained by knowing that the service provider you are using is GDPR compliant.
How, then, to have some additional peace of mind, for example so that we can be moderately certain that having devices such as a baby monitor is not abused in creepy ways?
If you are the certifier you need to test and verify that the device, and its software, work as expected.
The people behind the Apple App Store and Google Play Store do their best to make sure the software is not too malicious or too broken.
If you are a developer or an integrator you have a number of tools and practices to help you write reliable code.
γνῶθι σαυτόν – nosce te ipsum – know yourself
The first step in our journey to build reliable code starts with the developers and their tools and practices.
If you want to provide something trustworthy you have to know yourself, your strengths, and your weakness.
During the SIFIS-Home WP2 activities we try to provide means to access the overall workflow and code quality.
The program quality is strongly correlated to the source code quality, and the latter correlates strongly with good workflows.
Automation is your friend
How many developers do not spend time to set up a Continuous Integration system even if they are now available for free and, thanks to the improvements in the containerization technology, are even fairly easy to set up on premise?
Fully Reproducible Builds sound like a lot of effort, but Continuous Delivery setups will spare lots of time in the long run.
Test everything and more
Your development drive may not be tests but fiery passion, but a good code coverage gives you and your users some peace of mind already.
Static and Dynamic Analysis tools are precious if you want to detect elusive bugs.
No matter if they are simple linters cleaning up the coding style, cognitive complexity estimators, or memory fault detectors, they have infinite patience and can help humans’ reasoning on what they wrote effectively.
Modern Languages, such as Rust and, to minor degrees, Swift and Zig, focus on actively preventing large classes of common mistakes. Choosing a different language could be perceived as a huge leap, but the productivity increase is making more and more organizations consider and execute the switch.
The latest organization to join the party is Linux itself.
If you read up to this point, please feel free to fill in this form so I can gauge what aspects of Home IoT security should be discussed next.
Luca Barbato is a long-time Open Source contributor, member of VideoLan, Gentoo, X.org and a few other organizations. He participates in SIFIS-Home with his company, Luminem SRLs.