Gary McGraw, Building Secure Software episode artwork

EPISODE · Jan 10, 2001 · 1H 1M

Gary McGraw, Building Secure Software

from CERIAS Weekly Security Seminar - Purdue University

Computer security takes on more importance as commerce becomes e-commerce and business embraces the Net. However, little progress has been made in the security field, especially when vendor technology is considered. Popular press coverage of computer security orbits around basic technology issues such as what firewalls are, when to use the DES encryption algorithm, which anti-virus product is best, or how the latest email-based attack works. The problem is, many security practitioners don't know what the problem is. It's the software! Internet-enabled software applications, especially custom applications, present the most common security risk encountered today, and are the target of choice for real hackers. This talk is all about software security risk and how to manage it. The trick is to begin early, know your threats (including language-based flaws and pitfalls), design for security, and subject your design to thorough objective risk analyses and testing. This talk covers material that software practitioners, including architects and languages researchers, can use to avoid security problems and produce more secure Internet-based code. About the speaker: Gary McGraw is the Vice President of Corporate Technology at Cigital (formerly Reliable Software Technologies) where he pursues research in software security while leading the Software Security Group. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from UVa. He has written over sixty peer-reviewed technical publications, consults with major e-commerce vendors including Visa, Ericsson, and the Federal Reserve, and has served as principal investigator on grants from Air Force Research Labs, DARPA, National Science Foundation, and NIST\'s Advanced Technology Program. Dr. McGraw serves on the Boards of Counterpane, Finjan, NetCertainty, and ChainMail, Inc. He also chairs the National Infosec Research Council\'s Malicious Code Infosec Science and Technology Study Group. Dr. McGraw is a noted authority on mobile code security and co-authored both Java Security (Wiley, 1996) and Securing Java (Wiley, 1999) with Prof. Ed Felten of Princeton. Dr. McGraw also co-authored Software Fault Injection (Wiley 1998) with Jeff Voas. Dr. McGraw is currently writing a book entitled Building Secure Software (Addison-Wesley, 2001). He regularly contributes to popular trade publications and is often quoted in national press articles.

Episode metadata supplied by the publisher feed · Published Jan 10, 2001

Computer security takes on more importance as commerce becomes e-commerce and business embraces the Net. However, little progress has been made in the security field, especially when vendor technology is considered. Popular press coverage of computer security orbits around basic technology issues such as what firewalls are, when to use the DES encryption algorithm, which anti-virus product is best, or how the latest email-based attack works. The problem is, many security practitioners don't know what the problem is. It's the software! Internet-enabled software applications, especially custom applications, present the most common security risk encountered today, and are the target of choice for real hackers. This talk is all about software security risk and how to manage it. The trick is to begin early, know your threats (including language-based flaws and pitfalls), design for security, and subject your design to thorough objective risk analyses and testing. This talk covers material that software practitioners, including architects and languages researchers, can use to avoid security problems and produce more secure Internet-based code. About the speaker: Gary McGraw is the Vice President of Corporate Technology at Cigital (formerly Reliable Software Technologies) where he pursues research in software security while leading the Software Security Group. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from UVa. He has written over sixty peer-reviewed technical publications, consults with major e-commerce vendors including Visa, Ericsson, and the Federal Reserve, and has served as principal investigator on grants from Air Force Research Labs, DARPA, National Science Foundation, and NIST\'s Advanced Technology Program. Dr. McGraw serves on the Boards of Counterpane, Finjan, NetCertainty, and ChainMail, Inc. He also chairs the National Infosec Research Council\'s Malicious Code Infosec Science and Technology Study Group. Dr. McGraw is a noted authority on mobile code security and co-authored both Java Security (Wiley, 1996) and Securing Java (Wiley, 1999) with Prof. Ed Felten of Princeton. Dr. McGraw also co-authored Software Fault Injection (Wiley 1998) with Jeff Voas. Dr. McGraw is currently writing a book entitled Building Secure Software (Addison-Wesley, 2001). He regularly contributes to popular trade publications and is often quoted in national press articles.

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Gary McGraw, Building Secure Software

0:00 1:01:25

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of CERIAS Weekly Security Seminar - Purdue University?

This episode is 1 hour and 1 minute long.

When was this CERIAS Weekly Security Seminar - Purdue University episode published?

This episode was published on January 10, 2001.

What is this episode about?

Computer security takes on more importance as commerce becomes e-commerce and business embraces the Net. However, little progress has been made in the security field, especially when vendor technology is considered. Popular press coverage of...

Can I download this CERIAS Weekly Security Seminar - Purdue University episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!