As one of the only nonprofit research organizations of our kind, we test software and computing products through expert scientific inquiry into safety and risk. More importantly, we advise, empower and educate consumers in their use of those products and software. With our partners and supporters, we’re making the digital age safer for everyone.
When we compare use of common safety features and software hygiene practices in major brands of smart tvs to a reasonably secure Linux install, we can see the sorry state that IoT is currently in. In the IoT space today, all it takes to be ahead of the pack is to use basic modern safety features consistently.
When asked if an application is secure, a security expert might ask:
These sorts of questions can’t be answered in an automated fashion, due to theoretical obstructions ("undecidability") first identified by Alan Turing.
Thus, to measure security in a practical fashion, we employ heuristics.
We don’t need to find any specific vulnerabilities in order to assess how secure software is. Instead, we can observe the software’s safety features, build quality, complexity, and other heuristics.
Some heuristics directly impact software security, while others might just be properties of software that are generally only found in cases where development teams know what they’re doing. As long as they correlate, it doesn’t matter.
Our scientists and engineers are building the machinery to both study the efficacy of these heuristics and also to apply them at-scale.
For more info about our work and partnerships, watch Sarah Zatko @DEF CON 25
You'll get our newsletter with the latest on our testing results.