Explore a comprehensive conference talk on quantitative software risk reporting presented by experts from the Cyber Independent Testing Laboratory (CITL). Delve into the challenges of identifying effective software security practices and vendors from both end-user and vendor perspectives. Learn about CITL's efforts to develop automated static analysis and fuzzing frameworks for large-scale software testing. Discover early results from their research aimed at empowering security professionals with scientific findings and helping consumers make informed choices about software risks. Gain insights from CITL's team, including Sarah Zatko, Tim Carstens, Parker Thompson, Peiter "Mudge" Zatko, and Patrick Stach, as they discuss their mission to create a fair, just, and safe software marketplace through expert scientific inquiry and consumer education.
Overview
Syllabus
Quantitative Comparable Software Risk Reporting - CITL
Taught by
0xdade
Related Courses
-
Ground Truth - 18 Vendors, 6000 Firmware Images, 2.7 Million Binaries, and a Flaw in the Linux-MIPS Stack
-
Applied Quantitative Risk Analysis
-
Measuring Adversary Costs to Exploit Commercial Software
-
Quantifying Risk in Consumer Software at Scale - Consumer Reports' Digital Standard
-
Breaking AV Software
-
Knowing the Unfuzzed and Finding Bugs with Coverage Analysis
