Welcome

Welcome to Cigital’s brand new software security and software quality blog. That’s right, after ranting and raving in other forums for over a decade, we’ve decided to take it to the Web. Let’s call this blog “Justice League.” We’re glad you’re here.

It’s customary to start a blog with administrivia, and this one should be no exception. Justice League will be a joint production of all of the Principal Consultants at Cigital. So, yes, it’s a corporate blog (wah wah waaah), but we promise that it will not suck. We’ll be passing the baton around like a hot potato. “No, after you.” “Please, after you.” Somehow I ended up with the potato first.

I guess it’s my job to set the stage and introduce your cast. Many of you know me from my external speaking and writing. I’m Gary McGraw, CTO of Cigital, author of a big pile of books on software security, and host of the Silver Bullet Security Podcast. In my secret other life I am the fiddler for Where’s Aubrey.

Joining me to produce this blog will be <insert drumroll here>:

  • Pravir Chandra. Pravir joined the Cigital team from Secure Software where he was Co-Founder and Chief Security Architect. Pravir is best known for his work on CLASP and for running an Operations Security group at AOL. Slightly lesser known is that Pravir was once a research associate at Cigital about a million years ago. In addition to being one of the top minds in the world in software security, Pravir is super nice, brilliant, and loads of fun.
  • Scott Matsumoto. The great thing about Scott is that he brings 20 years of hard core commercial development experience to the team. Scott has served as CTO of both Spring Street Networks and Xtremesoft (where he was a co-founder as well). Scott is a seasoned software architect and a database guru. Scott is as self-effacing as he is experienced, but don’t let him fool you—he’s sneaky, clever, patient, and has attained the Buddha calm.
  • Sammy Migues. Sammy has a long, storied career in security stretching back before I was born (ok, not really). Sammy contributed to the infamous Rainbow Books (thanks, man), helped to invent the concept of software assurance, and has been applying knowledge management techniques to computer security for a decade. Sammy was the Chief Scientist of iDefense and Principal Scientist at Cybertrust before he joined Cigital. Sammy escaped from Louisiana in a similar fashion to my escape from Tennessee: we both found a pair of shoes and slipped across the border.
  • Craig Miller. Craig really does have computer science bona fides stretching back to before I was born! In fact, he is the most seasoned technical veteran in the firm. Craig has been Chief Scientist of SAIC, CTO of Proxicom, North American CTO and Global Chief Architect of Dimension Data, and a bunch of other things. Like me, he’s a Dr. of something or other. He’s also a music fanatic, a yarn teller, and a jolly good fellow.
  • John Steven. The infamous John Steven (or jS as I call him) has been with Cigital for many years. John is my right-hand man, and is one of the main reasons that my job rocks. John’s knowledge of Java goes as deep as the inner workings of the VM and gets as lofty as architectural patterns for MVC in J2EE. John is intense, intelligent, and introspective. He also has just a few opinions.

Together, we plan to cover lots of ground in software security and software quality in this blog. We’re hoping for a dialog, so please tell us what you like, call us on the baloney, throw us the occasional bone, and generally enjoy yourself. We aim to have fun with this blog in an open interactive way.

My friends who run blogs—including my girlfriend from high school, all my buds at Fortify Software and my friend Jon Udell (who has been blogging basically forever)—all keep their entries short and personal. We’ll try to emulate them.

For the first few weeks, expect a new post every 2-3 days. First up is John Steven. Hey man, catch the potato…
