Chapter 8. Software Transparency

The practice of transparency—the deliberate disclosure of hidden software attributes including origins, composition, and build and test processes—has become important in today’s technical world, where little is known about the software, firmware, or hardware that enables every aspect of our lives. Software transparency, and really any transparency in technology, means that the creator or manufacturer has disclosed information about what is inside the product or service and how it was made. This disclosure builds a connection between the parties and, ideally, builds trust into the relationship.

Transparency measures are routine in many consumer products, such as the ingredients list on a box of packaged food. But there are significant differences between that example and software transparency. Generally, packaged food does not provide the source of the ingredients unless it is highlighted for marketing reasons. A stick of butter, for example, lists components (pasteurized cream and salt), potential risks (contains milk), and may include provenance of some components (cows from Ireland), but it does not describe the architecture (recipe), known risks (lactose intolerance), and other provenance (location where the salt was mined, what equipment was used, and the location where the butter was manufactured).

Now let’s look at a more complicated example. Consider the transparency of a smartphone, as shown in Figure 8-1. Transparency would, at a minimum, ...