--- tags: BlogPosts title: SIFIS-Home Building trust --- One of the pillars of *SIFIS-Home* is making the *Home IoT* more trustworthy. The user could trust an expert opinion, think about the [CE marking](https://ec.europa.eu/growth/single-market/ce-marking/) and the information that delivers in a fairly simpler way: "If it is present and not a counterfeit the odds of the device [exploding](https://www.ithinkdiff.com/fake-iphone-charger-sold-instagram/) are fairly scarce", or the peace of mind of knowing that service provider you are using is [GDPR](https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en) compliant. How to have some additional peace of mind, so that we are moderately certain the odds of having devices such as a **baby monitor** are not abused in [creepy ways](https://www.nbcnews.com/news/us-news/stranger-hacks-baby-monitor-tells-child-i-love-you-n1090046)? If you are the certifier you need to test and verify that the device, and its software, are working as expected. The people behind the Apple App Store and Google Play Store, do try their best to make sure the software is not too malicious or too broken. If you are a developer or an integrator you have a number of tools and practices to help you write reliable code. ## γνῶθι σαυτόν - nosce te ipsum - know yourself The first step in our journey to build reliable code starts with the developers and their tools and practice. If you want to provide something trustworthy you have to know yourself, your strengths, and your weakness. During the WP2 activities we try to provide means to access the overall workflow and code quality. The program quality is strongly correlated to the source code quality and the latter correlates strongly with good workflows. ## Automation is your friend How many do not spend time to set up a [Continuous Integration](https://en.wikipedia.org/wiki/Continuous_integration) system even if now they are coming for free and, thanks to the improvements in the containerization technology, they are even fairly easy to setup on premise? Fully [Reproducible Builds](https://en.wikipedia.org/wiki/Reproducible_builds) sound a lot of effort, but [Continuous Delivery](https://en.wikipedia.org/wiki/Continuous_delivery) setups will spare **lots of time** in the long run. ## Test everything and more Your development drive may not be [tests](https://en.wikipedia.org/wiki/Test-driven_development) but fiery passion, but a good [code coverage](https://en.wikipedia.org/wiki/Code_coverage) gives you and your users already some peace of mind. ## Look deeper [Static](https://en.wikipedia.org/wiki/Static_program_analysis) and [Dynamic](https://en.wikipedia.org/wiki/Dynamic_program_analysis) Analysis tools are precious if you want to detect elusive bugs. No matter if they are simple linters cleaning up the coding style, cognitive complexity estimator or memory fault detectors, they have infinite patience and can help humans reasoning about what they wrote effectively. ## Avoid mistakes Modern Languages, such as [Rust](https://rust-lang.org) and to minor degrees [Swift](https://docs.swift.org/swift-book/LanguageGuide/MemorySafety.html) and [Zig](https://ziglang.org/), focus in actively prevent large classes of common mistakes. Choosing a different language could be perceived as a huge leap, but the productivity increase is making more and more organization considering and executing the switch. The latest organization to join the party is [Linux itself](https://www.zdnet.com/article/rust-in-the-linux-kernel-just-got-a-big-boost-from-google/). If you managed to read up to this point, please fill in [this form](https://forms.gle/txD2jbsevpREbMDM8) so I can gauge what aspect should be discussed first. # Author [Luca Barbato](https://github.com/lu-zero) is a long time Open Source contributor, member of VideoLan, Gentoo, X.org and few other organizations. He is participating to SIFIS with his company, Luminem SRLs.