We, apparently, cannot do much, but those who developed it can actually do something. What they currently do follows one of three uncomplicated patterns. As you lose in two out of three cases, read and learn.
The winning (for us) case is a simple one: if the software is untrustworthy then it has to be redeveloped and made trustworthy. Which means that developers have to return to their digital drawing boards and coders to their worn-out keyboards. If there is legacy software, it must be re-opened and fixed.
As it seems like a lot of work, companies are rather reluctant to follow this path. Actually, there is only one company that I have heard of: Microsoft. Seriously, Microsoft. You may not like them (I do not), but I have to admit that they had the guts to re-do the whole crappy software. The problem is that they spent a lot of money and they are unable to capitalize on it. Which means that in the first case we may win, but the company may lose.
The second case is a particularly popular one. Instead of fixing errors, the company wraps the software in a sandbox and promises that the sandbox (or a firewall, or virtualisation) will make the package trustworthy. The outcome: the quality of the original bit of software rapidly deteriorates while the whole focus is put on making the sandbox even more complicated.
Eventually, we have untrustworthy software in an untrustworthy sandbox. At which stage the company offers us another sandbox to wrap up the existing sandbox. Seriously, we should have known better, but we always fall for this trick. The currently fashionable sandbox is called ‘the cloud’. Did you fall for it? I thought so. And you are in good company.
The third case is popular mostly for corporate software. It follows the popular phrase: do not ask – do not tell. Managers do not ask about the trustworthiness of the software because if they knew they would have to make a decision. Employees learned the hard way not to trouble the management, so they patch the software with policies and processes instead. Everything works well, but those pesky customers do not want to play ball and leave for the competition. Fortunately the competition quickly upgrades its software and their managers do not want to know of any trouble, so the ball keeps rolling.
What can you do? That’s easy: recognize trustworthiness with your trust. Which means: use only trustworthy software and be prepared to pay for it. Sounds deceptively easy, doesn’t it? Why aren’t we doing it already? Where’s the catch?
Here is the catch: can you tell trustworthy software from untrustworthy software by just looking at the box? No? You are not the only one? Software is a promise, not a product, and it is hard to inspect the promise at the point of sale. But there is a way. Use Trust-O-Meter. It actually works. It is not complicated. Give it a try.