Building Secure Software
Why the standard approach to security doesn't work
Gary McGraw
Cigital
Gary McGraw is the Vice President of Corporate Technology at Cigital (formerly Reliable Software Technologies) where he researches software security and sets technical vision in Software Risk Management. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from UVa. He has written over sixty peer-reviewed technical publications, consults with major e-commerce vendors including Visa and the Federal Reserve, and has served as principal investigator on grants from Air Force Research Labs, DARPA, National Science Foundation, and NIST's Advanced Technology Program. Dr. McGraw serves on the Boards of Counterpane, Finjan, NetCertainty, and Tovaris as well as advising the CS Department at UC Davis. He also chairs the National Infosec Research Council's Malicious Code Infosec Science and Technology Study Group. Dr. McGraw is a noted authority on mobile code security and co-authored both Java Security (Wiley, 1996) and Securing Java (Wiley, 1999) with Prof. Ed Felten of Princeton. Dr. McGraw also co-authored Software Fault Injection (Wiley, 1998) with Jeff Voas. Dr. McGraw is currently writing a book entitled Building Secure Software (Addison-Wesley, 2001). He regularly contributes to popular trade publications and is often quoted in national press articles.