What Makes Software Trustworthy? Insights from Huawei Cloud DevCloud

On April 12‑13, 2019, the GOPS2019 conference in Shenzhen featured a presentation by a Huawei Cloud DevCloud evangelist discussing the next generation of software engineering.

The speaker highlighted that software engineering has evolved over 50 years, continuously introducing new thinking, methodologies, principles, and practices.

Trustworthy software, defined as software that operates as expected without causing significant security or privacy risks when the environment changes, is broken down into five fundamental dimensions according to the 10th edition of Software Engineering and related standards.

What Is Trustworthy Software?

Safety: The likelihood that the system will not cause harm to people or its environment.

Reliability: The probability that the system provides the desired service correctly over a given period.

Availability: The probability that the system is operational and can deliver useful services at any time.

Security: The system’s ability to resist intentional attacks or intrusions.

Resilience: The ability of the system to continue providing critical services when disruptive events occur.

These dimensions are interrelated and often complement each other in software products.

How Huawei Cloud DevCloud Is Exploring Trustworthiness

The evangelist explained that achieving trustworthiness requires both mindset (Be trustworthy) and execution (Do trustworthy). The evolution of software engineering practices—from IPD to Agile to DevOps—relies on simultaneous progress in thinking and doing.

Modern software heavily relies on open‑source components, whose rapid growth has introduced significant security and vulnerability concerns. To address this, Huawei established an internal open‑source mirror repository, added vulnerability scanning, and partnered with official mirror sites.

In 2019, this service was spun out as an independent offering on Huawei Cloud DevCloud, providing users with reliable sources and high‑speed download capabilities via the Huawei Open‑Source Mirror Site ( https://mirrors.huaweicloud.com/ ).

Huawei Cloud DevCloud plans to enhance trustworthiness in its mirror service through three key capabilities:

Source trust: certification and cooperation with official mirror sites.

Transmission trust: protection against tampering during transfer.

Usage trust: multi‑layer security checks, interception, and continuous vulnerability monitoring using both Huawei’s internal data and NVD disclosures.

Ensuring trustworthiness for the vast number of open‑source components remains a challenging task, and Huawei Cloud DevCloud continues to explore solutions together with its users.