CITL and the Digital Standard - A Year Later

Presented at DEF CON 25 (2017), July 28, 2017, noon (45 minutes).

A year ago, Mudge and I introduced the non-profit Cyber ITL at DEF CON and its approach to automated software safety analysis. Now, we'll be covering highlights from the past year's research findings, including our in-depth analysis of several different operating systems, browsers, and IoT products. Parts of our methodologies have now been adopted by Consumer Reports and rolled into their Digital Standard for evaluating safety, security, and privacy, in a range of consumer devices. The standard defines important consumer values that must be addressed in product development, with the goal of enabling consumer organizations to test, evaluate, and report on whether new products protect consumer security, safety, and privacy.

Presenters:

  • Sarah Zatko - Chief Scientist, Cyber ITL
    Sarah Zatko is the Chief Scientist at the Cyber Independent Testing Lab (CITL), where she develops testing protocols to assess the security and risk profile of commercial software. She also works on developing automated reporting mechanisms to make such information understandable and accessible to a variety of software consumers. The CITL is a non-profit organization dedicated to empowering consumers to understand risk in software products. Sarah has degrees in Math and Computer Science from MIT and Boston University. Prior to her position at CITL, she worked as a computer security professional in the public and private sector. cyber-itl.org

Links:

Similar Presentations: