The fifth 2025 TDL webinar took place on Thursday, 3 April, when a group of distinguished speakers was invited to discuss the various facets of trust in the context of cybersecurity.
The term ‘trust’ in cybersecurity has generated an extensive research literature and led to the emergence of new standards and new classes of products. Trust comes with a variety of definitions. Understanding the concept of trust in different scenarios is essential to managing the expectations and requirements of end users and systems, creating new security models, designing APIs and numerous other use cases.
Trust may be the most popular word in the cybersecurity space, but its definitions for different areas are frequently contradictory, e.g., definitions of technical trust and zero trust models. Is a unified definition of trust possible? Is it useful for cybersecurity at large? Is trust merely an abstraction or a useful technical concept? Are trust and trustworthiness related or different terms in technology?
‘Trusted Computing’ started as a distinct area in the late 1990s. The paradigm evolved as the computing environment changed. There are now several technical varieties, from application and device trustworthiness to confidential computing. So, what is trust in modern computing? And what is the future of trust in computing?
The speakers were:
• Matt Areno, CTO, Rickert-Areno Engineering
• Joanna DeFranco, Associate Professor of Software Engineering, Penn State University
• Sudhir Ethiraj, Global Head of Cybersecurity Office (CSO) & CEO Business Unit Cybersecurity Services (CSS), TÜV SÜD; Member of the Board of Directors and Taskforce Lead – Security by Default, Charter of Trust
• Yiorgos Makris, Professor of Electrical and Computer Engineering (ECE), University of Texas Dallas
• Simone Onofri, W3C Security Lead
• Marc Vael, Chief Digital Trust Officer Esko & President SAI.BE
The session was moderated by Claire Vishik, TDL Strategic Advisor.
Trust in Technical Fields
The panellists discussed the concept of trust in various technical fields and offered their perspectives. One of the panellists emphasised the evolving nature of trust across different stages of hardware and software development, while others highlighted the need to weigh benefits against risks when selecting an approach to trust. The importance of a common standard for transactions and of setting expectations for the behaviour of systems was emphasised as a way to ensure trustworthiness in environments like supply chains and AI systems. In another context, trust in semiconductor manufacturing can be seen through the lens of products, processes and intellectual property.
Security testing and digital credentials help quantify and justify trust in interactions and need to be broadly established. Customer-driven trust is an important aspect and organisations must set a culture of trust.
Establishing Trust in Complex Supply Chains
The importance of mutual trust in relationships was addressed, emphasising that trust requires mutual adherence to defined standards and conduct. There are numerous challenges in establishing trust in complex supply chains involving multiple sources and products. A system for secure data sharing and verification of systems' performance combined with viable testing techniques is crucial for trust. The panel agreed on the need for standards and clear expectations in establishing trust.
Trust in Cybersecurity: Many Contradictions
The panel also agreed that trust is contextual and is used in contexts that contain contradictions, for instance the dichotomy between trust/trustworthiness and zero trust models. Trust is not always black and white, and it's essential to evaluate what we trust. They also discussed the importance of transparency and visibility in trust.
Trust and Trustworthiness
Triggered by a question from the audience, the meeting focused on the concept of trust and trustworthiness in various contexts. During the discussion, the Charter of Trust, a security-by-default task force that aims to establish digital trust by defining baseline requirements for products, processes and organisational models, was introduced. Trust doesn't mean 100% security, but rather resilience and the ability to recover quickly from cyber attacks. Trust can be presented through specific claims and attributes, and trust frameworks need verifiability. Making these requirements verifiable is a significant challenge. Trust should be perceived as a value-added proposition, rather than something expected in all contexts. Just as communities need to be educated on privacy, they need to be educated on trust in technology. The panellists agreed that trust and trustworthiness are crucial concepts in their respective areas, and that the regulatory requirements associated with them are significant.
Subjective Nature of Trust and Trustworthiness
The panellists went on to discuss the concept of trust, its subjective nature, and how it evolves over time. They agreed that trust is a choice made based on available information and context, and it can change at any point in time. The speakers also drew attention to the importance of having a uniform definition of trust within an organisation and the need for trust to be maintained throughout. They discussed the idea of trustworthiness as a metric for risk management and the need for a mutually accepted code of behaviours for trust to be established. The panellists concluded that trust is not the same as faith and that it can be based on evidence and verification.
At the end, each panellist offered their own definition of trust. These definitions can be heard at the end of the video recording. The panellists will reconvene in a few months to discuss some of these topics in greater depth.
Watch the full recording of the webinar on our YouTube channel here!