Why do information security professionals describe operating systems using the word "trust" rather than "secure"?

Information security professionals emphasize the concept of "trust" when discussing operating systems because "trust" provides a flexible framework for evaluating and measuring security. Unlike "secure," which implies a definitive state—where something is either secure or it is not—trust can be seen as a spectrum. This allows for a more nuanced understanding of a system's capabilities and vulnerabilities. For instance, one system may have certain components deemed trustworthy due to effective security measures, while other components might not.

By using the term "trust," professionals can assess and communicate the varying levels of security confidence associated with different features, configurations, and operational contexts of the operating system. This graded approach enables organizations to make informed decisions based on risk assessment, rather than relying on a binary secure/not secure categorization that might not accurately reflect the operational realities they face.