CITL's Reception at Black Hat and Defcon
So, first off, thank you! We've been thrilled so far by the media coverage and security community reaction we received. It was particularly exciting to hear people in other Defcon and Black Hat talks speculating on how our efforts could be used to inform/support/feed into theirs (Thanks, Jeremiah!). While our main reports and content will be tailored to a broader audience, we definitely want our data to be a tool that the security researcher community can make use of. We also think that this detailed data will be extremely useful to the insurance industry as actuarial data to inform their cyber insurance practices.
We try to keep our Press page up to date with the latest media mentions, but if that's one click too many for you, we've had great coverage lately in The Intercept, on Reuters, and in MIT Tech Review.
Tim Carstens did a perfect job of succinctly explaining what CITL is all about:
Roughly speaking, all real world software is insecure. You still need a way to choose between competing packages.
— Tim broker Carstens (@intoverflow) August 9, 2016
The problem of judging a piece of software relative to another is different than the problem of finding all bugs.
— Tim broker Carstens (@intoverflow) August 9, 2016
Without a comparative guide in the market place, software vendors have few metrics to point-at when trying to market security as a feature.
— Tim broker Carstens (@intoverflow) August 9, 2016
When the Black Hat and Defcon talks become available on Youtube we'll post links, and we'll be posting a lot of the charts and data from those talks here in the coming weeks. We aren't posting the slides themselves, as we don't like to have slides distributed without the voice track that goes along with them - it's too easy to take things out of context, especially given that our current data is not a finalized product. We expect to start releasing reports to the public near the end of this year, with things continuing to ramp up in 2017.
So, stay tuned for more CITL goodness!