
DARPA Loses Security Muscle to Google

Peiter Zatko, better known to the InfoSec world as "Mudge", who earned his reputation as a member of L0pht and the Cult of the Dead Cow, announced last Friday that he is leaving DARPA in order to take a position at Google.

The announcement was made on Twitter, where the hacking icon Tweeted, “Given all we pulled off within the [U.S. Government], let’s see if it can be done even better from outside. Goodbye DARPA, hello Google!”

Zatko didn’t get into specifics as to what his job will be when he starts working for the software and search giant. When asked by SecurityWeek’s Managing Editor about his title, he said via Twitter: “Whether coming in as a CVP or as a tech director, the title isn't important. What you do when you are there defines the value. In other words, I don’t know. :)”

Zatko has worked in and around the InfoSec world since the mid-90s, and was one of only a few hackers to have even spoken to lawmakers in a semi-official capacity, representing an entire community, culture, and for some – a way of life. He is credited with early research into buffer overflow vulnerabilities and, alongside his L0pht partners, gained widespread media attention after telling Congress that it would take about 30 minutes to take the entire Internet down. (A point that many still say is true to this day.)

L0pht went legit in 1999, and joined forces with @Stake, which was snapped up by Symantec in 2004. After that, Zatko is said to have worked with BBN Technologies before finally moving to DARPA to become a project manager. At DARPA, he created a fast track program that helped hackers working outside of the government get funding for creative ideas and innovations that could be used to secure Defense Department systems.

While his role at Google remains unknown, it’s clear that the government has lost a valuable asset. One can only hope that Google doesn’t waste such a resource.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.