Dive Brief:
- Well-known hacker Peiter Zatko, often known as Mudge, announced he’s launching a Consumer Reports-style rating system for software.
- Zatko and his wife, former National Security Agency mathematician Sarah Zatko, introduced the new system at the Black Hat security conference in Las Vegas Wednesday.
- The system will create an unbiased and consistent way to rate the security of programs, according to Zatko.
Dive Insight:
Zatko says software companies notoriously use processes that leave their products vulnerable to attack, yet businesses have little recourse since courts have ruled that because software is licensed and not sold, product liability lawsuits for defective goods are baseless.
The new system would rate software based on security. Businesses could then use the information to help inform their software purchases.
"We need a nutritional label." Zatko told Reuters. "You might care more about sugar, or carbohydrates, or protein, but if we tell you about all of it, a nutritionist can help you come up with the appropriate diet."
Zatko is not the first to come up with a rating system idea. In June, Fair Isaac Corp., the company that generates consumer-credit scores, said it planned to use predictive analytics and security-risk assessment tools to develop security scores for businesses. The scores would help CIOs and other tech professionals measure their company’s online risks.
The cyber insurance market would likely be interested in both products, because insurers could use the scores to assist in cyber breach policy writing and portfolio management. Though cyber insurance is a fast-growing market, there is not yet an industry standard for measuring a company's risk.