Known as Mudge, Peiter C. Zatko has cult status in the hacking community worldwide. He was one of the few experts who predicted the network security vulnerabilities that lay ahead and explained how to tackle them. He once claimed that he “could take down the internet in 30 minutes.” The ace hacker has also held important positions at DARPA and Google.
This time Mr. Zatko is in the headlines for creating, along with his wife, Sarah Zatko, a new rating system for software based on customer reporting. The couple gave information about their plans for this initiative at the Black Hat security conference in Las Vegas on Tuesday.
Zatko said that software companies’ processes expose their products to attack and that businesses are left helpless because they cannot take the companies to court, as these “defective” goods are licensed and not sold, according to the law.
His new program would rate tools or software according to their security, enabling businesses to choose the secure one.
To explain it better, Peiter Zatko illustrated his security rating program in these words: “We need a nutritional label. You might care more about sugar, or carbohydrates, or protein, but if we tell you about all of it, a nutritionist can help you come up with the appropriate diet.”
If the initiative is successful, it could bring some big changes to the working methods of the leading software companies around the world. According to him, his idea is unique and will be helpful to open source platforms, government bodies and general business.
Zatko told the conference how some software tools performed when they were tested with his rating system. Apple Mac and Google’s web browser were more resistant to hackers’ attacks than Apple’s Safari, which was found to be more secure than Firefox. Zatko’s rating system also found that the MS Office version for Mac is not strong enough against attacks.
The software rating system is very valuable in the current situation, as there is no other way to be assured that you have secure software. Again, courts can rule out product liability lawsuits for defective goods if they are licensed and not sold.
Like Zatko, every business would hope that the software security rating program forces software companies to promote quality in their products.