Improving Software for Society
Associate Partners
The IAP are partnered with many academic and professional organisations, bodies and companies to provide a better service for it’s members and to promote good software development practice. Please see more information about each below. Partners include:
• Trustworthy Software Foundation (TSF)
• UK Cyber Security Council
• University of Lincoln
• Department of Computer Science
• University of Plymouth
• University of South Wales
• Pearson
• Wiley
• Women in Technology
• Leyton
• Dell Technologies
• Geek Zone
The Trustworthy Software Foundation (TSF) – www.tsfdn.org
Every aspect of our lives are now touched by information technology. We use and often depend on an ever increasing, diverse range of software. These applications need to be robust and reliable yet, despite growth in demand and availability, improvement in the quality of the software often doesn’t keep pace.
The 2014 Trustwave Global Security Report, revealed; 96% of those scanned harboured one or more security vulnerabilities and 100% of the mobile applications tested contained at least one vulnerability and that 71% of compromised victims did not detect or become aware of the breach.
The root cause of many cybersecurity problems is untrustworthy software, which concerns safety, reliability, availability, resilience and security. The Trustworthy Software Initiative (TSI) raises awareness of the dangers of untrustworthy software and provides the tools, techniques and information on software engineering good practice in order to deliver software that addresses these issues.
In 2014, the UK Government’s National Cyber Security Programme (NCSP) sponsored the Trustworthy Software Initiative (TSI) to provide tools, techniques and guidance to train both the current and future workforce in the production, supply and procurement of trustworthy software with the objective of ‘Making Software Better’. Guidance for this initiative was provided by the Department for Business Innovation and Skills (BIS), the Centre for the Protection of the National Infrastructure (CPNI) and private sector organisations via a Stakeholder Advisory Group (SAG). The TSI has captured and collated a body of existing guidance, relevant standards and best practices as its Trustworthy Software Framework (TSF) and is working with professional bodies, particularly the Institution of Engineering and Technology (IET), the British Computer Society (BCS) and The Institution of Analysts and Programmers (IAP) to provide education and training collateral to enable trustworthy systems to flourish. This ‘experience’ was used to produce an initial undergraduate training module, led by the Cyber Security Centre, Warwick Manufacturing Group (WMG) at the University of Warwick, under the direction of Professor Tim Watson.
The TSI was a UK Public Good initiative aimed at ‘making software better’ and its mission is to: “…enhance the overall software and systems culture with the objective that software should be designed, implemented and maintained in a trustworthy manner”. The initiative had three major strands of work: development of the Trustworthy Software Framework (TSF) as a consolidated body of knowledge, reflecting good-practice in software engineering processes; creating educational material for use initially at undergraduate level but ultimately across the full educational spectrum and; promoting awareness of software engineering good-practice and aligning it with formal standards and supplier verification.
Much of the initiative’s activity was focused on the development of the TSF which provides a domain and implementation agnostic way to reference the large existing body of knowledge by providing a consensus collation of good practices and standards for software trustworthiness. The TSF was built as a layered repository with increasing levels of detail. At the top level it introduces concepts, the next level addresses principles, the third level encompasses techniques and the fourth level is a repository for methods, citations and data sharing. This framework is embodied in the British Standards Institute (BSI), Publicly Available Specification (PAS) 754:2014 Software Trustworthiness Governance and Management Specification. This framework/specification should help organisations who are procuring, supplying or using software to identify relevant good practices and standards.
The Training, Education and Awareness (TEA) team developed the educational material and so far have developed and tested a one hour introductory lecture which has been delivered to students on Computer Science and related courses. The aim of this lecture is to explain the need for, and relevance of, trustworthy software and is targeted at the top level of the TSF. Further work is required to produce educational material covering the second and third levels of the TSF.
The awareness work undertaken by the TSI programme encompassed a broad range of stakeholders, including software suppliers, procurement teams and those specifying new software. For example, UK central government departments are developing a standard contract for the purchase of services, including the development, operation and maintenance of software. Officials developing this contract have been briefed on the TSI’s work and are planning to incorporate relevant provisions in the contract. The TSI also worked with relevant professional bodies with a view to encouraging individuals who are applying for professional registration to understand or apply software trustworthiness to their work. Whilst these individuals may not be writing software, they may be using software-based tools for analysis, modelling or design and they should, therefore, be seeking assurance as to the trustworthiness of the tools they are using. As part of this work, the team is also looking for appropriate means of encouraging suppliers to seek verification of the quality of their software engineering practices, for example, as part of the TickITPlus scheme.
Given our dependence on software in virtually all aspects of our lives, its trustworthy operation is increasingly important to protect our safety, security and wellbeing. The UK Government recognised this and launched the TSI as part of the National Cyber Security Programme. The Minister for the Cabinet Office stated in December 2012: “We support and fund the Trustworthy Software Initiative, which aims to improve cyber security by making software more secure, dependable and reliable and to educate on why trustworthy software is important’. In June 2014, at the launch of BSI PAS754, the Minister of State for Universities and Science stated: “The Trustworthy Software Initiative will help UK companies select the most secure, dependable and reliable software for their needs as well as providing them with the skills to use it effectively”.
Untrustworthy software can have serious impacts on our lives such as: leaking personal information and putting us at risk of identity theft; it can lead to errors in calculations, causing economic or financial damage; it can also result in systems failures putting lives and the environment at risk. The TSI developed the Trustworthy Software Framework, a collation of software engineering best practice, which forms the basis of BSI PAS754. By adopting and applying this Framework/Standard we can significantly improve the trustworthiness of the software that affects our daily lives and make the UK a better place to live and do business with.
Lieutenant General Sir Edmund Burton KBE was the Chair of the Advisory Committee on Trustworthy Software (ACTS), a role he also performed during the original Trustworthy Software Initiative (TSI) which preceded the formation of the Trustworthy Software Foundation (TSFdn) and was a key figure in guiding the development of the TSI and TSFdn. Another key figure was Ian Bryant of the MOD, who has been a leading light in the promoting Trustworthy Software and Standards.
In 2016 the Government transferred the ownership of TSI to the Trustworthy Software Foundation TSFdn, which was comprised of all the professional organisations involved in the TSI, with Ian Bryant as an advisor on progressing PAS10754 to becoming BS10754.
“I feel it is a pretty significant moment in our history as we are demonstrably now taking the lead in an initiative launched by HM Government”. Alastair Revell, Director General of the IAP. In 2018, The Institution of Analysts and Programmers became sole custodians of the TSFdn and keeper of the artificats, with Alastair Revell an Graham Fenton as its Directors.
Through our relationship with the TSFdn, the IAP are members of the British Standards committee for BS1074. Copies of the standard are available from the BSI. As members of the TSF and the BSI, we have two of our Fellows of the Institution John Ellis and Luc Poulin, both experts in Trustworthy Software as representatives on several committees relating to Trustworthy Software including BSI/ICT/001/01, ISO/IEC JTC 1/, ISO 27034, AG8, WG12, WG13, PWI 18194, PWI 5957, PWI 9814 and WD 31303. They work with international colleagues around the world to improve the way software is created and managed.
UK Cyber Security Council – www.ukcybersecuritycouncil.org.uk
The Institution of Analysts and Programmers is a founding member of the Collaborative Alliance for Cyber Security and is a key participant in the design and delivery of the new UK Cyber Security Council on behalf of the UK Governments Department for Digital, Culture, Media & Sport (DCMS). The Alliance is a consortium of organisations that represent a substantial part of the cyber security community in the UK. Its members include: (ISC)² | BCS, The Chartered Institute for IT | Chartered Institute of Information Security (CIIS) | CIPD | CompTIA | Council of Professors and Heads of Computing (CPHC) | CREST | Chartered Society of Forensic Sciences (CSFS) | Engineering Council | Information Assurance Advisory Council (IAAC) | The Institution of Analysts and Programmers (IAP) | The Institution of Engineering and Technology (IET) | Institute of Measurement and Control (InstMC) | ISACA | Royal Academy of Engineering | Security Institute | TechUK | The Worshipful Company of Information Technologists (WCIT)
The UK Cyber Security Council continues to work in partnership with the National Cyber Security Centre (NCSC) and others to develop with a broad representation of organisations and has been tasked to support the Government’s National Cyber Security Skills Strategy by providing recognition across the practicing community, while enhancing standards and thought leadership for the future. In June 2021 the IAP became a founding member of the UK Cyber Security Council. To view the Certificate of Membership click HERE.
WHAT IS THE UK CYBER SECURITY COUNCIL
The Government launched a consultation on 19 July 2018 outlining proposals to develop the cyber security profession in the UK. This included a proposal to create a new, independent UK Cyber Security Council. The consultation ran for six weeks and closed on 31 August 2018. 307 responses were received.
All suggestions and comments were carefully reviewed and analysed by the Government and it was decided that the consultation showed strong support for the main thrust of the proposals: which were to define a series of objectives for the profession to achieve and to create a new, independent UK Cyber Security Council to coordinate delivery. In view of the level of support, the Government decided to identify a lead organisation to design and deliver the new UK Cyber Security Council. An invitation to apply was issued, via a competitive process, for between £1m to £2.5m of Government funding to lead the work. The application period for proposals opened in December 2018 and ran until March 2019. The contract was awarded to the Cyber Security Alliance who nominated the IET as it’s lead for the project. Establishing a new, independent UK Cyber Security Council is a key part of the Government’s new Initial Cyber Security Skills Strategy which is being published in parallel.
University of Lincoln – www.lincoln.ac.uk
The University of Lincoln was the Institution of Analysts and Programmers first Academic Partner. We are pleased to work with the Faculty and Students to improve software development standards. The School of Computer Science is based at their picturesque waterfront Brayford campus and benefits from state-of-the-art facilities in the Isaac Newton Building. The School holds a broad range of expertise in Computing Technologies and Information Systems, including specialisms in robotics and autonomous systems, computer vision and image engineering, medical applications of technology, social computing, games computing, cultural computing and business computing.
University of Oxford Department of Computer Science – www.cs.ox.ac.uk
One of oldest Academic Partners, we are pleased to work with the University. There are 38 Oxford colleges, which are financially independent and self-governing, but relate to the central University in a kind of federal system. There are also six permanent private halls, which are similar to colleges except that they tend to be smaller, and were founded by particular Christian denominations. The colleges and halls are close academic communities, which bring together students and researchers from different disciplines, cultures and countries. This helps to foster the outstanding research achievement that has made Oxford a leader in so many fields. The colleges and the University work together to organise teaching and research, and many staff at Oxford will hold both a college and a University post.
University of Plymouth – www.plymouth.ac.uk
Plymouth is one of our IAP Prize centres. Students software projects are evaluated and the winner receives a certificate, cash prize and a free years membership of the Institution. Computing at the University of Plymouth is the embodiment of this passion to develop, create and innovate with a range of undergraduate and postgraduate degrees focused upon producing the next generation the computer scientists and engineers. With a rich history in providing excellent research and industry informed teaching, our graduates have excellent employment opportunities and are led through their learning by experienced research and commercially active staff. This ensures students are kept at the cutting edge of technological development and go into industry primed with the right skills, knowledge and mindset to succeed.
University of South Wales – www.southwales.ac.uk
The University of South Wales is another of our IAP Prize centres. Students software projects are evaluated and the winner receives a certificate, cash prize and a free years membership of the Institution. They have developed maths and computing courses in consultation with businesses and professional bodies, equipping students with essential skills and experience in order to gain employment when they graduate. Many of our courses are recognised by professional bodies, including the Institution of Analysts and Programmers, British Computer Society (BCS) and the Institute of Mathematics and its Applications, which give them a professional seal of approval.
Pearsons – www.pearson.com
Learning opens up opportunity and enriches every stage of life. We want to help people along this path of discovery and inspiration, cultivating a love of learning that enables a lifetime of progress. That’s why we support charities that are just as dedicated to helping people make their lives better through learning – including Project Literacy and Magic Breakfast. Pearson offer IAP members up to 30% off selected books.
Wiley – www.wiley.com
John Wiley & Sons was founded in 1807. Wiley is an independent, global publisher of print and electronic products. They specialise in scientific and technical books, journals, textbooks, education materials, and professional and consumer books. Wiley’s offer IAP members a generous discount on their books.
Women in Technology – www.womenintechnology.org
“When one woman helps another, amazing things can happen.” Women in Technology (WIT) serves the educational, professional, and personal needs of women in the technology industry through interactive programming and inspiring connections. Designed with the unique challenges of being a woman in technology, WIT programs provide education and mentoring to advance women from the classroom to the boardroom.
Leyton – www.leyton.com/uk
More than 60% of software businesses are eligible for R&D tax credits. Leyton works in partnership with their clients to identify the government funding schemes that are most relevant to their business and can deliver maximum returns in tax credits or grant funding. They then explore the clients’ business activities in detail using qualified sector experts to ensure all potential qualifying costs are considered. They use a tried and tested methodology that has delivered over 7,500 successful claims in the last 10 years’ worth over £350m to their client-companies.
Dell Technologies – www.dell.com/en-uk
The IAP and Dell have got together to offer our members a discount on Dell products and some services. This could save members up to 20% and may be on top of existing Dell discounts. The discount can be used by individuals and businesses alike. While we cannot guarentee you cannot buy it cheaper elsewhere, it must be worth a look when buying new computer equipment.
Geek Zone – www.geek.zone
Proud to be called geeks, the Geek Zone community believe that being knowledgeable, passionate and curious, is great. They run many events for the like-minded who can meet inspirational people and come together through shared interests. They are a not-for-profit social network and charity. The Geek Zone community aim to support each other, fight to change negative perceptions and create links with other organisations.