DEF CON 24: Mudge & The Consumer Reports for Software Security


DEF CON is one of the oldest and largest hacker conventions. Held in Las Vegas, it brings together hackers, lawyers, law enforcement agents, civil libertarians and cryptographers.

Duo’s Thu Pham attended a talk by Mudge and Sarah Zatko on Project CITL (Cyber Independent Testing Laboratory). Sidenote: Mudge also gave an interesting Duo Tech Talk in Ann Arbor two years ago called “A Behind the Scenes Look at Creating DARPA’s Cyber Analytic Framework.”

Mudge had announced he was leaving Google to work on Project CITL, which received a contract for “Consumer Security Reports” from the Air Force, on behalf of DARPA, according to

Much as Consumer Reports was formed as a nonprofit to provide unbiased product testing and ratings, Mudge and Sarah Zatko had created a very thorough set of scoring and testing criteria to produce reports on the security of current software.

Read more on the Duo Blog here.