No wonder cybersecurity is so bad: There’s no way to measure it
When the founders of a new nonprofit assessing the cybersecurity of software for consumers were trying to develop a scoring system that would rate programs depending on which security features they used, they encountered a “mind-blowing” problem. No one had ever measured how well such features actually worked. “There haven’t been a lot of studies that look at how effective are the safety measures that we use and trust,” Sarah Zatko, co-founder of the Cyber Independent Testing Lab, told a session at the DEF CON hacker convention Friday. The gap, she said, helped create space for the relatively high proportion of “snake oil” products in the cybersecurity market, she said. “In most other industries that sort of data [about how well different security measures worked relative to each other] would be pretty fundamental — something you could take for granted that it existed,” said Zatko, whose husband and co-founder is Peter Zatko, […]
The post No wonder cybersecurity is so bad: There’s no way to measure it appeared first on Cyberscoop.
Continue reading No wonder cybersecurity is so bad: There’s no way to measure it