Building Secure Software

Why the standard approach to security doesn't work

Gary McGraw


Gary McGraw is the Vice President of Corporate Technology at Cigital (formerly Reliable Software Technologies) where he researches software security and sets technical vision in Software Risk Management. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from UVa. He has written over sixty peer-reviewed technical publications, consults with major e-commerce vendors including Visa and the Federal Reserve, and has served as principal investigator on grants from Air Force Research Labs, DARPA, National Science Foundation, and NIST's Advanced Technology Program. Dr. McGraw serves on the Boards of Counterpane, Finjan, NetCertainty, and Tovaris as well as advising the CS Department at UC Davis. He also chairs the National Infosec Research Council's Malicious Code Infosec Science and Technology Study Group. Dr. McGraw is a noted authority on mobile code security and co-authored both Java Security (Wiley, 1996) and Securing Java (Wiley, 1999) with Prof. Ed Felten of Princeton. Dr. McGraw also co-authored Software Fault Injection (Wiley, 1998) with Jeff Voas. Dr. McGraw is currently writing a book entitled Building Secure Software (Addison-Wesley, 2001). He regularly contributes to popular trade publications and is often quoted in national press articles.