Famous Hacker Creates a Software “Warning Label” System
Hackers are somewhat of an enigma in both our culture and our society. On the one hand, we acknowledge that their criminal efforts can have devastating effects on individuals and businesses. But at the same time, there’s an air of “cowboy mystery” around the term, and a certain Hollywood glamour surrounding these tech geniuses who live on the edge. Then, of course, there are the “white hat hackers” and the “hacktivist” groups that decidedly rely on shady tactics but do so in order to right some serious wrongs.
One former notorious hacker, Peiter Zatko (aka Mudge), has already used his technical know-how to ignite actual change in the computer and security industries. A former head of a Department of Defense grant program that gives money to cybersecurity initiatives, he’s now come up with a concept that has been missing for too long in the world of tech security.
Along with his wife, Sarah, who worked as a mathematician for the NSA, Zatko has developed his own warning label of sorts to attach to software and apps, giving consumers and businesses alike a better sense of the security flaws within that program. So many of the programs and apps we use require us to submit a lot of personal information, turn over our geographic location, or even give the program permission to access our devices’ content and our other accounts. Zatko wants the public to know exactly how strong or weak the security is within that program before we give it that kind of control.
Interestingly, the former hacker likens this type of information to the nutrition labels on the foods we eat. Producers are required to tell us the ingredients and the health information for the item we’re about to consume, and Zatko sees our technology as being no different.
“We need a nutritional label,” Peiter Zatko told Reuters in an interview. “You might care more about sugar, or carbohydrates, or protein, but if we tell you about all of it, a nutritionist can help you come up with the appropriate diet.”
The same is true of our technology. While companies have long had to include a “terms of service” agreement that outlines the permissions and access the software requires, those agreements are lengthy and written in highly jargon-filled legalese. More importantly, though, the agreement can’t outline the security flaws in the software when the developer doesn’t know about them either.
Zatko’s initiative has an unlikely ally: insurance companies. Since software doesn’t fall under the exact same rules as a typical physical product, it can be hard to sue the software developer for damages if their product fails and that failure leads to a data breach, for example. Insurance companies are very interested in anything that can help their clients protect their customers in order to avoid expensive and damaging security flaws.