In the EUCAN-Connect project we have had some discussions about all the excellent DataSHIELD packages that are being developed by the wider community. One of the questions that has come out of this is how data owners can “trust” that packages developed by others have been designed to minimise the risk of disclosing data, in the same way that dsBase is trusted. A way of dealing with this might be to have some kind of audit process where DataSHIELD packages are assessed through peer review. Clearly this involves extra work for people, so the aim of the process would be to achieve an appropriate balance between providing reassurance about the trustworthiness of a package versus minimising the amount of bureaucracy.
I have posted a draft process on the DataSHIELD wiki (link below) and would be happy to receive feedback and suggestions.