As previously mentioned, a general definition of trust is, "firm
reliance on the integrity, ability, or character of a person or thing."
Trust is a major principle underlying information security; at some
point, an organization has to decide how much it trusts the people and
resources involved with managing its software assets.

Trust issues with software assets are fairly complex. Consider the
current state of the software industry: For many software companies,
the primary objective is a speedy time-to-market. Because of this, many
software manufacturers release software before many of the "holes,"
or vulnerabilities, have been fixed, or worse yet, they release
the software without any regard to security whatsoever.

Because of this, it is virtually impossible to install and use software
"out of the box"; in other words, the preset, default configurations
of many software products cannot be trusted. Likewise, just as with
hardware assets, you must also examine and evaluate the ultimate source
of the software that you are using. Why are you using a particular piece
of software instead of certain other pieces?