Measuring Adversary Costs to Exploit Commercial Software

Explore a groundbreaking approach to evaluating software security in this 50-minute Black Hat conference talk. Delve into the Cyber Independent Testing Lab's (CITL) innovative metrics and methodologies for assessing the inherent vulnerability of over 100,000 binary applications across Windows, Linux, and OS X. Learn how this non-profit organization, founded by former DARPA and Google expert Mudge, aims to provide consumers and organizations with quantitative data on software security, similar to Consumer Reports. Discover surprising findings about the security levels of various products, including security software, and understand how this information can inform purchasing decisions, enhance organizational security, and even impact bug-bounty programs. Gain insights into the heuristics used by attackers to identify soft targets and see how CITL's approach allows for meaningful comparisons between software products, potentially revolutionizing the way we evaluate and choose software based on security considerations.