Assessment Techniques, Certification and [What Else We Need for] Confidence in Software

Summary form only given. Certification of software may play multiple roles, both intended and unintended, and both beneficial and damaging. Some of these roles are unrelated to what the name “certification” is about, i.e., creating certainties; for those that are related to it, we should usually talk about creating confidence rather than certainty. With an eye on this socio-technical landscape, this talk will attempt a map of the logical links between the evidence collected through assessment practices and the confidence in reliability, safety or security that users wish to derive from the evidence. Central issues are the links between deterministic and probabilistic claims, their scopes of validity, and the evidence behind them. Probing these links raises useful questions about unstated assumptions, possible means for giving confidence more solid bases, and how these could affect the practice of certification.