Last year Mudge and Sarah pulled back the curtains on the non-profit Cyber Independent Testing Laboratory, an organization designed to quantify the efficacy of security development practices and predict future software risks and vulnerabilities. One of the surprise discoveries was that their methodologies mapped to the pricing structure of the underground 0day market.
The first half of this talk will disclose the progress and findings since then. This includes universal fuzzers, results of new target analysis across 4 major operating systems, early results from porting their analysis to IoT architectures, and the future roadmap for this non-profit organization.
The second half of the talk focuses on the recently announced open 'Digital Standard', an effort put together by Consumer Reports, Disconnect, Ranking Digital Rights, and Cyber-ITL. The challenges in capturing and conveying meaningful information covering privacy, safety, exploitability, and consumer rights in all forms of software will be addressed by representatives from each organization.