An ongoing challenge in such assessments of software features is the lack of clear process for doing the assessment, as the question is more one of “is this doing the right thing” without clear definition of what “the right thing” is (a challenge we also tackled in our engagement with Pegasus WMS). For this engagement we utilized a modified set of principles originally put forth by Saltzer and Schroeder in 1975 on the protection of information systems, to help guide our assessment. We think utilizing the principles helped significantly and plan to continue exploring their use in future engagements.
For more information, please see the Globus-CTSC Engagement final report, available at http://hdl.handle.net/2022/19165.
We want to thank the Globus team, especially Rachana Ananthakrishnan, Mike Link, and Steve Tuecke, for their helpful collaboration on this engagement.
See how CTSC might engage with you and your NSF project at http://trustedci.org/howwehelp/.