Presentations
Software Security: State of the Practice 2010 by Gary McGraw [2010]
Software Security Touchpoint: Architectural Risk Analysis by Gary McGraw [2010]
Cyber Security: Software Risk Management for Utilities by Gary McGraw [2010]
Lifestyle Hacking: Social Networks and Gen Y Meet Security and Privacy moderated by Gary McGraw [2010]
Building Security In Maturity Model by Gary McGraw [2009/2010]
This talk describes the BSIMM, an observation-based maturity model, drawing examples from many real software security programs.
Software Security and the BSIMM by Gary McGraw [2009]
Software Security and the Building Security in Maturity Model by Sean Barnum [2009]
There is much to learn from practical experience. Use the BSIMM as a yardstick to determine where you stand and what kind of software security plan will work best for you.
Startup Lessons by Gary McGraw [2009]
Software Security Requirements: The Foundation for Security by Paco Hope [2009]
While not all organizations need to achieve the same security goals, all successful large-scale software security initiatives share common ideas and approaches. This talk describes these practices using real data.
The Building Security In Maturity Model: Quality Assurance Perspective by Sammy Migues [2009]
Several large organizations use a software security group (SSG) to address software security and these SSGs are actively working with QA/test groups to produce more secure software. This talk describes some of the individual activities they are performing.
10 Things Everybody Does: Successful Software Security Initiatives by Robert M. Hines [2009]
The presentation merges the ten BSIMM activities that every observed organization performs with imperatives for success.
Software Security: State of the Practice 2008 by Gary McGraw [2008]
Using the framework described in the book "Software Security: Building Security In"---built around the three pillars of software security: risk management, the touchpoints, and knowledge---Dr. McGraw describes the state of the practice based on real data from the field.
Exploiting Online Games: Cheating massively distributed systems by Gary McGraw [2008]
This talk is about security problems associated with advanced massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software yet to come. The kinds of attack and defense techniques described are tomorrow's security techniques on display today.
An Approach to Agile Automation Testing by Frank Hurley [2008]
This presentation describes a successful approach to introducing automated QA testing in an agile environment.
Videos
Sammy Migues - Keeping Your Co-op … And Home, Secure: Ask the Cyber Security Dudes (NRECA)
From March 2010.
Gary McGraw - Cyber Security: Software Risk Management for Utilities (NRECA)
From March 2010.
Gary McGraw - Exploiting Online Games (Cal Poly Distinguished Speaker invited talk)
From Fall 2008.
Paco Hope at STARWEST 2008
Paco discusses how figuring out the right blend of testing activities can be a real challenge for some organizations.
John Steven - Practical Advanced Threat Modeling (Owasp5017)
Recorded at the Open Web Application Security Project NYC Conference on September 25, 2008.
Gary McGraw on Secure Software Development (SearchSecurity.com)
In this interview with Executive Editor Dennis Fisher, McGraw discusses the progress the industry is making on software security and how much farther most vendors have to go. From June 2008.
Gary McGraw - Software Security: Building Security In (OnSecurity)
Gary discusses the need for security to be built into the Software Development Lifecycle. From fall 2007.
Gary McGraw - Exploiting Online Games (USENIX Security '07 invited talk)
This talk frankly describes controversial security issues surrounding MMORPGs such as World of Warcraft. This no-holds-barred approach is fully loaded with code examples, debuggers, bots, and hacks, of interest whether you are a gamer, a game developer, a software security person, or an interested bystander. Presented at USENIX Security '07 on August 9, 2007.
Gary McGraw - Online Gaming and Criminality (InformIT.com)
Dr. Gary McGraw discusses security issues in online gaming in July 2007.
Gary McGraw on Cranky Geeks (episode 50)
Guests: Sebastian Rupley, Dr. Gary McGraw (CTO of Cigital) and Tom Merritt (Executive Editor, CNET) discuss the RSA Conference, Romanian piracy, the photo copyright crackdown, and "e-wallets." Hosted by John C. Dvorak on February 7, 2007.
Gary McGraw on Cranky Geeks (episode 10)
Guests: Sebastian Rupley, Dr. Gary McGraw (CTO of Cigital) and Dan Farmer (CTO of Elemental Security) discuss NSA getting your phone records, Hackers and DNA, and much more. Hosted by John C. Dvorak on May 16, 2006.
