Dr. Gary McGraw

Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C. area.

He is a globally recognized authority on software security and the author of six best-selling books on this topic. The latest, Exploiting Online Games: Cheating Massively Distributed Systems, was released in 2007. His other titles include Securing Java: Getting Down to Business with Mobile Code; Building Secure Software: How to Avoid Security Problems the Right Way; Exploiting Software: How to Break Code; and Software Security: Building Security In. He is also editor of the Addison-Wesley Software Security series.

Dr. McGraw has also written over 90 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press.

Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White.

His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean's Advisory Council for the School of Informatics. Gary is an IEEE Computer Society Board of Governors member and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine.

Description

Software Security: State of the Practice 2010

Using the framework described in my book Software Security: Building Security In, which is built around the three pillars of software security (risk management, the touchpoints, and knowledge), I will discuss and describe the state of the practice. This talk is peppered with real data from the field, based on my work with several large financial services companies as a Cigital consultant. Really, the software security field is just getting started, but we are making important forward progress, and the future looks bright.

Partners:

Solvay Brussels School of Economics and Management Katholieke Universiteit Leuven

Affiliated organizations:

OWASP NESSoS iMinds