Blog

A Case for Improving Security Ergonomics of Compilers

by Sarah Zatko

We published a study a while back showing the failure of the IoT industry to adhere to basic build safety best practices over the past 15 years. In the light of this failure, I wanted to unpack what some of the root causes might be, and make a case for why better usability and transparency for security features in compiler toolchains would help.

Binary Hardening in IoT products

Last year, the team at CITL looked into the state of binary hardening features in IoT firmware. Since then we’ve added more vendors and refreshed our analytic techniques. This post will catch you up on the latest findings and developments.

CITL Status Report

Some people have been asking when they're going to get to see all the great output and data we're generating, so this seemed like a good time to explain where we're at right now.

Other Industries that Inspired Us

Evaluating the risk profile of software is a technically complex task, but there are lots of other industries where consumers have to engage in complex decision-making.

CITL at Black Hat and Def Con!

The first public talks about CITL, including details about our metrics and preliminary data, will be at this year's Black Hat and Def Con!
