https://theintercept.com/2016/07/29/a-f ... e-process/
"When Mudge announced on Twitter last year that the White House had asked him to create a cyber version of Underwriters Laboratories, praise poured in from around the security community."
"The process they use to evaluate software allows them to easily compare and contrast similar programs. Looking at three browsers, for example — Chrome, Safari, and Firefox — Chrome came out on top, with Firefox on the bottom. Google’s Chrome developers not only used a modern build environment and enabled all the default security settings they could, Mudge says, they went “above and beyond in making things even more robust.” Firefox, by contrast, “had turned off [ASLR], one of the fundamental safety features in their compilation.”"
"They’re working with Consumer Reports, another inspiration for the lab, to develop a way to use their data to evaluate products the magazine tests. They’ve also had interest from AIG and other insurers who want to use the data to do risk-assessments of companies seeking cyber insurance."
cyber version of Underwriters Laboratories
- tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
- Grumpus
- Posts: 13232
- Joined: October 19th, 2007, 4:23 am
- Location: ... Da' Swamp
Re: cyber version of Underwriters Laboratories
About ASLR
Doesn't matter what you say, it's wrong for a toaster to walk around the house and talk to you