{"guid":"a13dc0d2-55af-4b60-a07c-1786094da593","title":"How risky is the software you use? ","subtitle":"CITL: Quantitative, Comparable Software Risk Reporting","slug":"34c3-9225-how_risky_is_the_software_you_use","link":"https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9225.html","description":"\u003cp\u003eSoftware vendors like to claim that their software is secure, but the effort and techniques applied to this end vary significantly across the industry. From an end-user's perspective, how do you identify those vendors who are effective at securing their software? From a vendor's perspective, how do you identify those techniques which are effective at improving security? Presenting joint work with Sarah Zatko, mudge, Patrick Stach, and Parker Thompson.\u003c/p\u003e","original_language":"eng","persons":["Tim Carstens","Parker Thompson"],"tags":["34c3","9225","Ethics, Society \u0026 Politics"],"view_count":3029,"promoted":false,"date":"2017-12-27T00:00:00.000+01:00","release_date":"2017-12-27T01:00:00.000+01:00","updated_at":"2026-03-07T01:15:04.954+01:00","length":3530,"duration":3530,"thumb_url":"https://static.media.ccc.de/media/congress/2017/9225-hd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2017/9225-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2017/a13dc0d2-55af-4b60-a07c-1786094da593-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2017/a13dc0d2-55af-4b60-a07c-1786094da593-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/34c3-9225-how_risky_is_the_software_you_use","url":"https://api.media.ccc.de/public/events/a13dc0d2-55af-4b60-a07c-1786094da593","conference_title":"34C3: TUWAT","conference_url":"https://api.media.ccc.de/public/conferences/34c3","related":[{"event_id":4762,"event_guid":"b036385c-ec1a-44e5-ae48-af703ce9b5d3","weight":284},{"event_id":4763,"event_guid":"2ef3b60f-6e5c-4c23-a145-d263685ec13e","weight":366},{"event_id":4764,"event_guid":"da934433-0092-4749-b606-56b65e84214f","weight":245},{"event_id":4765,"event_guid":"9326038b-f781-4707-b35a-9ef52f98d35a","weight":332},{"event_id":4766,"event_guid":"19b7e5d7-bba7-46da-afbc-f16d43fe395f","weight":347},{"event_id":4767,"event_guid":"f2ca3661-30c8-476e-9d6b-920bb20b21eb","weight":371},{"event_id":4769,"event_guid":"c9ae7564-9156-4d31-9f8a-168793a1bb18","weight":129},{"event_id":4770,"event_guid":"a890dbd3-8859-4788-a72f-ded5c5c08e5f","weight":195},{"event_id":4772,"event_guid":"0ff9c9c4-a561-4ec0-afa2-93647a740f26","weight":138},{"event_id":4777,"event_guid":"a66fa9d5-b12c-4d6b-84f9-f279faf38f86","weight":168},{"event_id":4779,"event_guid":"544e7736-6b59-4c05-87a7-c013ef993688","weight":152},{"event_id":4780,"event_guid":"af65b0d3-5e43-49e3-9ec0-c225f6c57d46","weight":88},{"event_id":4781,"event_guid":"44e7cb13-011e-4242-b26a-1edf4ac15b83","weight":82},{"event_id":4782,"event_guid":"de1b5916-8052-4a25-bded-25d96a43aff7","weight":84},{"event_id":4784,"event_guid":"65a25dfd-56dd-4e87-a910-334e2dc25a9c","weight":142},{"event_id":4790,"event_guid":"edd02e52-28f8-4f3e-8b17-75cffecb6d7f","weight":99},{"event_id":4791,"event_guid":"8d29d28d-a222-4731-bdfc-fde590385cae","weight":111},{"event_id":4794,"event_guid":"a2887b4a-0c9d-4220-a52f-c65c20ae25d7","weight":173},{"event_id":4795,"event_guid":"722ce759-9cde-4e3b-8db5-5a97aa9673d9","weight":86},{"event_id":4800,"event_guid":"a9ebf7e3-abc5-49d9-8efe-316b3bc52902","weight":86},{"event_id":4808,"event_guid":"acab4111-aba7-44f7-b56e-ef805dcacd00","weight":88},{"event_id":4826,"event_guid":"16645200-2036-4a3c-a44d-a5ff44ac2991","weight":197},{"event_id":4832,"event_guid":"275f85de-d612-4440-8755-85dee5912f12","weight":82},{"event_id":4866,"event_guid":"117a52b4-f675-49dd-aafe-659c07b6bc9c","weight":116}],"recordings":[{"size":null,"length":null,"mime_type":"application/x-subrip","language":"eng","filename":"34c3-9225-eng-How_risky_is_the_software_you_use.en.srt","state":"complete","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2021-02-21T17:46:48.370+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/34c3-9225-eng-How_risky_is_the_software_you_use.en.srt","url":"https://api.media.ccc.de/public/recordings/44426","event_url":"https://api.media.ccc.de/public/events/a13dc0d2-55af-4b60-a07c-1786094da593","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":523,"length":3530,"mime_type":"video/mp4","language":"eng","filename":"34c3-9225-eng-How_risky_is_the_software_you_use_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-27T21:13:08.943+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/h264-hd/34c3-9225-eng-How_risky_is_the_software_you_use_hd.mp4","url":"https://api.media.ccc.de/public/recordings/20681","event_url":"https://api.media.ccc.de/public/events/a13dc0d2-55af-4b60-a07c-1786094da593","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":53,"length":3515,"mime_type":"audio/mpeg","language":"eng","filename":"34c3-9225-eng-How_risky_is_the_software_you_use.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2017-12-27T22:58:07.369+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/mp3/34c3-9225-eng-How_risky_is_the_software_you_use.mp3","url":"https://api.media.ccc.de/public/recordings/20693","event_url":"https://api.media.ccc.de/public/events/a13dc0d2-55af-4b60-a07c-1786094da593","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":36,"length":3515,"mime_type":"audio/opus","language":"eng","filename":"34c3-9225-eng-How_risky_is_the_software_you_use.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2017-12-27T22:58:40.099+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/opus/34c3-9225-eng-How_risky_is_the_software_you_use.opus","url":"https://api.media.ccc.de/public/recordings/20694","event_url":"https://api.media.ccc.de/public/events/a13dc0d2-55af-4b60-a07c-1786094da593","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":151,"length":3530,"mime_type":"video/mp4","language":"eng","filename":"34c3-9225-eng-How_risky_is_the_software_you_use_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2017-12-27T23:06:15.239+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/h264-sd/34c3-9225-eng-How_risky_is_the_software_you_use_sd.mp4","url":"https://api.media.ccc.de/public/recordings/20701","event_url":"https://api.media.ccc.de/public/events/a13dc0d2-55af-4b60-a07c-1786094da593","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":343,"length":3530,"mime_type":"video/webm","language":"eng","filename":"34c3-9225-eng-How_risky_is_the_software_you_use_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2017-12-28T01:45:19.558+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/webm-sd/34c3-9225-eng-How_risky_is_the_software_you_use_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/20742","event_url":"https://api.media.ccc.de/public/events/a13dc0d2-55af-4b60-a07c-1786094da593","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":715,"length":3530,"mime_type":"video/webm","language":"eng","filename":"34c3-9225-eng-How_risky_is_the_software_you_use_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T12:56:04.125+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/webm-hd/34c3-9225-eng-How_risky_is_the_software_you_use_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/20841","event_url":"https://api.media.ccc.de/public/events/a13dc0d2-55af-4b60-a07c-1786094da593","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":139,"length":3530,"mime_type":"video/mp4","language":"eng","filename":"34c3-9225-eng-How_risky_is_the_software_you_use_hd-slides.mp4","state":"new","folder":"slides-h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T16:35:40.411+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/slides-h264-hd/34c3-9225-eng-How_risky_is_the_software_you_use_hd-slides.mp4","url":"https://api.media.ccc.de/public/recordings/21010","event_url":"https://api.media.ccc.de/public/events/a13dc0d2-55af-4b60-a07c-1786094da593","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":69,"length":3530,"mime_type":"video/mp4","language":"eng","filename":"34c3-9225-eng-How_risky_is_the_software_you_use_sd-slides.mp4","state":"new","folder":"slides-h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2018-01-02T15:20:49.480+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/slides-h264-sd/34c3-9225-eng-How_risky_is_the_software_you_use_sd-slides.mp4","url":"https://api.media.ccc.de/public/recordings/22258","event_url":"https://api.media.ccc.de/public/events/a13dc0d2-55af-4b60-a07c-1786094da593","conference_url":"https://api.media.ccc.de/public/conferences/34c3"}]}