Peiter Zatko, a world-famous hacker who once told Congress he could take the internet down in 30 minutes, is currently developing a “Consumer Reports-style rating system for software.” Zatko is a hacker turned government employee. Known for his role in the Boston hacker collective L0pht, he more recently headed a U.S. Defense Department grant program for computer security projects. Today, Zatko and his wife, a former NSA mathematician, believe this software rating system could lead to major changes in how some of the largest software companies do business, ultimately resulting in software that is consistently secure. “We need a nutritional label,” Zatko told Reuters in an interview. “You might care more about sugar, or carbohydrates, or protein, but if we tell you about all of it, a nutritionist can help you come up with the appropriate diet.” While the Zatkos’ ratings approach is quite complicated, examining development practices at both the source code and the compiled binary level, the resulting rating should accurately reflect how secure the actual product is, his wife Sarah explained.
In fact, possibly the most interested party in this new ratings system is the insurance industry, which has struggled to price premiums for insurance against hackers adequately. If this approach can reveal vulnerable software and ultimately press software creators to do a better job, insurers will have a better idea of which policyholders are better protected from cybercriminals.