Cyber UL nonprofit uses binaries to assess software quality

Cyber-security researcher Peiter Zatko, better known in the industry by his hacker moniker “Mudge,” will discuss details of the Cyber Independent Testing Laboratory (CITL) project at the Black Hat conference in Las Vegas next week. 

CITL analyses binaries to assess “the software quality and inherent vulnerability in over 100,000 binary applications on Windows, Linux, and OS X,” according to a presentation description on the Black Hat website. The project codified the “heuristics that attackers use to identify which targets are hard or soft against new exploitation”.

Zatko has been working on CITL since leaving Google last year. According to a report in The Intercept, when a White House contact asked him to establish a government programme to evaluate software, he instead raised $600,000 in funding from DARPA, the Ford Foundation and Consumers Union, then launched CITL as a nonprofit with his wife, Sarah Zatko.