THE STATE OF SECURITY presented at Summercon 2017

by Sarah Zatko

Summary: The security field suffers from a lack of hard data. Too often, security professionals have to give recommendations based on what feels true or what seems to be true, rather than on real ground truth. At the Cyber ITL, a nonprofit research organization, we're working to replace such truthiness with hard data. We're also focusing on binary analysis, because the field's focus on source code analysis has left some major blind spots in security reviews of software products.
A year ago, Mudge and Sarah introduced the Cyber ITL and its approach to automated software safety analysis. Now, they'll be covering highlights from the past year's research findings, including our in-depth analysis of several different operating systems, browsers, and IoT products.
Parts of their methodologies have now been adopted by Consumer Reports and rolled into its Digital Standard for evaluating safety, security, and privacy in a range of consumer devices. The standard defines important consumer values that must be addressed in product development, with the goal of enabling consumer organizations to test, evaluate, and report on whether new products protect consumer security, safety, and privacy.