Dulles, Va., April 24, 2012 – Cigital, Inc., an industry leader in software security consulting, will host an open house to launch its new office in Bloomington, Indiana, on May 3, 2012. The Bloomington office, located at 100 S. College Ave, is the newest addition to Cigital’s global locations, including Washington DC, New York, Santa Clara, Boston, London, and Amsterdam.

The launch event will feature a fireside chat with security guru, IU alum, and Cigital CTO Dr. Gary McGraw and Visa International CSO Gary Warzala. They will introduce Cigital to the Bloomington community and discuss its impact on the growth of software security as a field. The evening will include live music, drinks, and hors d’ouvres.

The Bloomington office will house the company’s first assessment center outside of its Dulles, Va, headquarters and will be led by Randy Moore, Assessment Center Manager. The new location will provide Cigital with extended capacity to perform remote Application Security Assessments for its Fortune 250 client base. Cigital, which has approximately 200 employees internationally, has already begun hiring new software security consultants.

“Our extensive search for a Midwest nexus ranged from Austin to Ann Arbor. We picked Bloomington for its superior combination of a growing technical employee base, a very strong Informatics program with an emphasis on security, and an absolutely top notch quality of life,” said, Brian Mizelle, VP, Operations, Cigital. “Our welcome to Indiana and to the Bloomington business community has been great. We’re looking forward to putting down roots and becoming part of Indiana business.”

The event, co-sponsored by the Bloomington Technology Partnership, is by invitation only. It will begin at 6:30pm on May 3rd, with the fireside chat starting promptly at 7:00pm. If you are interested in attending, please contact Brian Mizelle at bmizelle@cigital.com.

About Cigital
Cigital, Inc. is the leading software security consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client’s unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit: http://www.cigital.com.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com

Dr. McGraw, a globally-recognized authority on software security and the author of multiple best selling books in the Addison-Wesley Software Security series, is transplanting his monthly column to TechTarget to take advantage of its large readership and its highly targeted combination of resources specifically dedicated to today’s IT-security professional. The column is titled [In]security and joins Dr. McGraw’s book titles which include best-sellers Software Security (Addison-Wesley 2006), Exploiting Software (Addison-Wesley 2004), Building Secure Software (Addison-Wesley 2001), and Java Security (Wiley 1996). See here for first column.

“Since October 2004, I have been producing a monthly computer security opinion column,” said Dr. McGraw. “I am excited by the opportunity to have my column published and distributed on TechTarget properties. Security professionals turn to Information Security magazine and SearchSecurity.com every day for professional advice and opinion. I am pleased to join the TechTarget stable of thought leaders.”

Both Information Security magazine and SearchSecurity.com will post the [In]security column each month on a page dedicated to Dr. McGraw’s work, including links to video interviews from SearchSecurity.com. The page will also include links to the popular and long running Silver Bullet Security Podcast with Gary McGraw, which is co-produced by Cigital and IEEE Security & Privacy magazine and will now be syndicated exclusively by TechTarget.

“For years, we have turned to Dr. McGraw for insight into complicated software security stories. We’re looking forward to hosting his column every month and giving our readers the chance to experience his provocative insight into the latest security issues and trends,” said Michael Mimoso, Editorial Director of the Security Media Group at TechTarget.

SearchSecurity.com and Information Security magazine are the only information resources that provide immediate access to breaking industry news, virus alerts, new hacker threats and attacks, security certification training resources, security standard compliance, webcasts, white papers, and podcasts.

To view Dr. McGraw’s inaugural column on Information Security magazine, see Gary McGraw on software security assurance: Build it in, build it right

To view Dr. McGraw’s SearchSecurity.com page, see http://searchsecurity.techtarget.com/contributor/Gary-McGraw

About Cigital
Cigital, Inc. is the leading software security consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client’s unique requirements. Cigital is headquartered outside Washington, D.C. with global offices in New York, Boston, Santa Clara, London, Amsterdam, and Bloomington. For more information visit, www.cigital.com and follow us @Cigital.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com

Dulles, Va., March 14, 2012 – Cigital, Inc., a leading software security consulting firm, announced plans today to locate a new facility in Bloomington, Indiana, creating up to 25 high-wage jobs by 2014.

Cigital will invest $352,000 to lease and equip 2,400 square feet of space at 100 S. College Ave. The new facility will house the company’s first assessment center outside of its Dulles, Va. headquarters and is slated to be operational in May.

“Bloomington and the surrounding area has a growing technology base and we are thrilled to be a part of it,” said John Wyatt, chairman and chief executive officer of Cigital. “Our new location is representative of our growing business and we are excited about the talented individuals from the area that we will bring to Cigital.”
Cigital, which has approximately 200 employees internationally, has already begun hiring new software security consultants.

“Innovative companies like Cigital recognize our state’s high-growth potential for expanding businesses,” said Dan Hasler, Secretary of Commerce and chief executive officer of the Indiana Economic Development Corporation. “With our world-class research universities and low-tax policies, we’re continuing to bring in more high-wage jobs for Hoosiers.”

Cigital was established in 1992 with funding and contracts from the Defense Advanced Research Projects Agency and NASA. The company, which has additional offices in New York, Massachusetts, California, the United Kingdom, the Netherlands and India, has been awarded eight patents for its advances in software security.

The Indiana Economic Development Corporation offered Cigital, Inc. up to $250,000 in conditional tax credits and up to $8,100 in training grants based on the company’s job creation plans. These tax credits are performance-based, meaning until Hoosiers are hired, the company is not eligible to claim incentives. The city of Bloomington supports the project through additional incentives at the request of the Bloomington Economic Development Corporation.

“This is a big win in our continuing effort to enhance our growing high tech community,” said Bloomington Mayor Mark Kruzan. “The new jobs that Cigital is bringing mean more opportunities in Bloomington for our local tech workers and for new grads from Indiana University. It also means more reasons for tech workers and other employers around the globe to look at coming to Bloomington to create their own opportunities.”

About Cigital
Cigital, Inc. is the leading software security consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client’s unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit: http://www.cigital.com.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com

DULLES, VA, February 16, 2012—Cigital, Inc., a leading software security consulting firm, today announced the company has been selected to participate at the AFCEA DC Emerging Technologies Symposium on February 21, 2012, at the Capital Hilton in Washington, DC. Cigital was selected from a highly-competitive field of candidates to present its technology, SecureAssist, an IDE plug-in that automatically provides “just-in-time” security guidance.

Cigital’s SecureAssist was selected from a field of innovative technologies by a committee of Government, Industry, and Academic professionals versed in the current trends in the military/government IT community. The evaluation process included a competitive, vendor-neutral process for determining the industry firms selected, and presentations chosen represent the most pressing challenges facing military and government IT.

“We are excited that Cigital has been selected to present SecureAssist at this informative and vital event for the military/government IT industry,” said Stuart Dross, Vice President, Sales and Marketing, Cigital. “SecureAssist has the ability to help our military and government agencies dramatically improve the security of the applications they are creating.  The result is an overall improved security posture for our nation’s vital assets.”

The AFCEA DC Emerging Technologies Symposium will provide military and civilian government officials an ethical public forum in which they can rapidly learn about new technologies.  The focus will be on advances that reduce costs, increase efficiency, and help Military and Federal Government officials with the mission to protect at home and abroad. See here for more information.

SecureAssist is an IDE plug-in that automatically provides “just-in-time” security guidance, as the code is written. Rather than scanning for bugs after code is written and committed, SecureAssist acts as a desktop security expert, providing guidance automatically when developers work on areas in the code where risk may be introduced. SecureAssist trains developers while eliminating security defect creation and measurably reduces costs and increases efficiency. Learn more about SecureAssist.

About Cigital
Cigital, Inc. is the leading software security consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client’s unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit: http://www.cigital.com.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com

DULLES, VA, February 8, 2012—Cigital Inc., a leading software security consulting firm announced today that the company’s CTO, Dr. Gary McGraw, is the guest editor of the latest issue of Computing Now. This special issue brings together articles from several different corners of the IEEE Computer Society portfolio to address a common theme: innovation, technology transfer, and entrepreneurship.

Innovation, tech transfer, and entrepreneurship is a hot topic in board rooms and classrooms alike. It’s made its way into major technical conferences, including the upcoming RSA Conference as well. And, ironically, about the only thing everyone agrees on is that tech transfer from the lab to global availability is nontrivial.

For this special issue, Dr. McGraw gathers five articles that shed some light on the difficulties of tech transfer. He includes a piece he authored for IEEE Software, Technology Transfer: A Software Security Marketplace Case Study, where he discusses a real example of success to examine the challenges that tech transfer poses in terms of time scale, budget, and dedication. He also features articles that discuss the kinds of innovation that software creates; the efforts needed to teach innovation and entrepreneurship; and how to harness employee innovation. See more details on the special issue here.

“Tech transfer is an important part of the high technology engine for economic growth on the planet,” said Dr. McGraw, Cigital CTO. “As computer security evolves beyond operations to building security in, we look to entrepreneurs to carry ideas from the lab to the marketplace.”

If you’re interested and motivated by the articles presented in this issue, join Dr. McGraw in San Francisco at the RSA Conference. He will moderate a panel discussion on Innovation and Technology Transfer in Security. Distinguished panel members include Peter Denning, Brian Chess, Carl Landwehr, and Paul Kocher. Listen to a short promo for the panel here.

About Cigital
Cigital, Inc. is the leading software security consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client’s unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit: http://www.cigital.com.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com

Boston, MA and Dulles, VA– December 8, 2011 – Vordel, a provider of gateways for SOA and Cloud Computing today announced that it has formed a strategic relationship with Cigital, the world’s largest consulting firm specializing in software security consulting. Together, Vordel and Cigital will deliver solutions and advice to organizations seeking to deploy business services on mobile platforms. The partnership addresses the security deficit for mobile apps, where many organizations still lack the basic security and integration skills necessary to successfully expose internal applications to mobile devices. The Vordel and Cigital alliance will enable end user organizations to implement best practice security for mobile application integration, in addition to satisfying regulatory compliance and governance policies.

In a recent survey conducted by Vordel of Enterprise Architects at Fortune 5000 firms and Government Agencies, 48% of respondents noted security as a top concern for connecting from mobile and Cloud-based applications into the organization. A further 26% of respondents raised integration complexities between mobile and enterprise applications as a key challenge. Vordel Application Gateway addresses these twin concerns by protecting the confidentiality of internal enterprise application information accessible via mobile apps, while mediating the varying data and interface formats between mobile to enterprise applications programming.

“Driven by the commercial success of smartphones and tablets, CIOs and IT managers are under constant pressure to deliver mobile solutions for their internal employees and customers alike.” said Vic Morris, CEO of Vordel. “Securely delivering enterprise services via mobile apps is not a trivial task, because mobile security is not as well established as, for example, service oriented architecture (SOA) security. Vordel Application Gateway solves these problems and together with our partner Cigital, we are helping many companies throughout North America overcome these challenges.”

“In spite of the attention paid to mobile development in the last two years, many organizations still lack the awareness and skillsets to address the challenges of integrating and securing mobile applications,” said Stuart Dross, VP, Sales and Marketing of Cigital. “We are pleased to announce our teaming agreement and partnership with Vordel. Together we can advise and promote solutions that can resolve the key concerns of our clients.”

Cigital has work with Vordel and its products for many years at a variety of customers and industry verticals ranging from discrete manufacturing and financial services to healthcare. The Vordel Gateway is a high quality product, which fits into Cigital’s commitment of delivering optimal security solutions and practices to its customers.

Vordel Application Gateway connects off-premise mobile applications with on-premise applications addressing transport and message level security, identity federation, service level monitoring and enforcement. Furthermore the Gateway offers extensive protocol translation and message transformation capabilities to provide a flexible integration interface for new and legacy applications. The mediation policies run external to the application at wire speed, thus not requiring any intrusive changes to existing application interface. For further information click here.

About Cigital
Cigital, Inc. is the leading software security consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client’s unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit: http://www.cigital.com.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com

DULLES, Va., October 03, 2011—Cigital, the dominant software security consulting firm, today announced that industry veteran Michael Pittenger has joined the company as Vice President of Products. Pittenger will bring over 25 years of experience in operations, marketing and product management to lead Cigital’s product and training offerings.

Pittenger will be responsible for accelerating the growth of Cigital’s SecureAssist and Enterprise Security Portal, as well as the Company’s training offerings, including Instructor Led training and eLearning. In this role, Pittenger will oversee product engineering, product management and product marketing efforts in support of its customers’ software security goals.

“Mike has an extensive background in IT and Software Security and brings a wealth of experience to our organization,” said John Wyatt, Chairman and CEO of Cigital. “We expect that he will accelerate our impact in improving the industry’s ability to build secure software.”

Prior to becoming an Independent Consultant, Pittenger was Vice President of Sales and Marketing at Savant Protection and Vice President of Products at @stake, a security consultancy acquired by Symantec in 2004. He subsequently led his team in a spin-off from Symantec to form Veracode, where he served as co-founder and vice president of business development.

“Cigital has incredibly talented people and has earned its highly respected reputation,” said Pittenger. “It is ideally positioned to help organizations deliver secure software through desktop solutions, automation and training. The company’s vision of a layered approach to software security and bringing security guidance to the developer’s desktop is effective and efficient. I’m excited to join the team.”

About Cigital
Cigital, Inc. is the leading software security consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client’s unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit: http://www.cigital.com.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com

DULLES, Va., September 27, 2011—Cigital, the world’s largest consulting firm specializing in software security, today announced the third major release of the “Building Security In Maturity Model” (BSIMM) study. BSIMM3 continues to add real-world data defining benchmarks for successfully developing and operating an enterprise software security initiative. The study reveals that firms participating in the BSIMM project show measurable improvement in their software security initiatives over time.

BSIMM3 is a multi-year study of real-world software security initiatives, based on in-depth measurement of leading enterprises including Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Fannie Mae, Google, Intel, Intuit, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, SAP, Scripps Networks Interactive, Sony Ericsson, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, Visa, VMware, Wells Fargo, and Zynga. The BSIMM3 study provides insight into forty-two of the most successful software security initiatives in the world, identifying activities used by these organizations to effectively plan, structure, and execute the evolution of a software security initiative.

Originally launched in March 2009, the BSIMM is the industry’s first software security measurement tool built from real-world data rather than based on philosophy and theory. BSIMM2 was released in May 2010 and tripled the size of the original study from nine organizations to thirty. BSIMM3, released today, covers forty-two firms representing a range of eight overlapping verticals including: financial services (17), independent software vendors (15), technology firms (10), telecommunications (3), insurance (2), energy (2), media (2) and healthcare (1). The current release includes 109 thoroughly updated activity descriptions and a longitudinal study describing the evolution of eleven of the forty-two firms over time.

“The BSIMM Community is made up of professional software security executives,” said Gary McGraw, Ph.D., co-author of the study and CTO of Cigital. “We have moved well past discussion of technical bugs and into the meat of how to change the development culture in a sizeable organization, and more importantly, how to measure results objectively. BSIMM is growing by leaps and bounds because it is both timely and relevant.”

The BSIMM rises to the challenge of measuring security–especially software security. “The BSIMM measurement tool and findings are extremely valuable. I use the data with my consulting clients for measurement and in my own research,” said Diana Kelly an analyst with SecurityCurve. “I recommend that companies building security in to their SDLC get involved with the BSIMM project immediately.”

Using the BSIMM measuring stick, Dr. Gary McGraw, Dr. Brian Chess, and Sammy Migues conducted a series of in-person meetings with executives in charge of software security initiatives. Eleven of these sessions were conducted twice with the same firm, an average of 19 months apart, in order to determine how large-scale software security initiatives change over time.

Some highlights for the third major release of the BSIMM:

• BSIMM3 now includes 42 firms
• BSIMM3 describes 109 activities in 12 practices with 2 or more real examples for each activity
• 11 firms have been measured twice (providing Longitudinal Study data) and the data show measurable improvement
• The BSIMM3 data set has 81 distinct measurements (some firms measured twice, some firms have multiple divisions measured separately)
• BSIMM3 reveals that leading firms on average employ two full time software security specialists for every 100 developers
• BSIMM3 results show that mature software security initiatives are well rounded, with activities in all twelve practices including: strategy and metrics, compliance and policy, architecture analysis, code review, security testing, penetration testing, and configuration management.

BSIMM3 describes the work of 786 software security professionals working with a satellite of 1750 affiliated professionals to secure the software developed by 185,316 developers.

“Now that we have measurements over time, BSIMM3 includes more valuable data than ever,” said Sammy Migues, co-author of the study and Cigital Principal. “We are actively seeking more world-class firms to join the BSIMM Community as we look forward to BSIMM4.”

In addition to the release of BSIMM3, the forty-two firms participating in the BSIMM Project make up the BSIMM Community. The BSIMM Community hosts a private mailing list and an annual Conference where executives from the 42 firms gather to discuss solutions with colleagues who have faced similar issues, seek out mentors from those who are farther along a career path, and band together to solve hard problems.

“BSIMM has been instrumental in documenting software security practices that are in use by a large number of diverse organizations,” said Eric Baize, BSIMM Advisor and Senior Director of the Product Security Office at EMC Corporation. “BSIMM3 demonstrates that security has become part of the software culture in large mature organizations. Used in conjunction with other industry guidance, BSIMM3 can help guide development organizations towards building security into their software development practices.”

For more information and to access the BSIMM3 study, which is distributed free of charge under the Creative Commons, please visit: http://bsimm.com/

About Cigital

Cigital, Inc. is the leading software security consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client’s unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit: http://www.cigital.com.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com

The successful integration of new smart technologies requires addressing cyber security risks holistically and systematically. When the U.S. Department of Energy (DOE) awarded NRECA’s Cooperative Research Network (CRN) $33.9 million in Recovery Act funds for a smart grid demonstration projects, the grant stipulated that the acquisition and deployment make cyber security a priority.

The Guide, provides a step-by-step plan to help the utility improve its security posture, and ensure new smart grid components and technologies do not compromise security.

“We are excited to partner with NRECA to create the cyber security guide and planning tools that will help electric utilities build an internal risk management program and embark on a path of continuous improvement to systematically reduce their exposures to current and emerging cyber security risks,” said Evgeny Lebanidze, a managing consultant at Cigital and a cyber-security team lead on NRECA’s Smart Grid demonstrations project.

Twenty-three cooperatives participating in NRECA’s smart grid demonstration project are already using the Guide and NRECA anticipates that cooperatives across the country will use the Guide, checklist and plan template. CRN, the technology research arm of NRECA has already received requests for the Guide from utilities in the U.S., as well as England, India and Italy.

“We can’t thank Cigital enough for its work on the guide by providing a practical plan for getting started in grid cyber security,” said Craig Miller, NRECA. “The best part is the plan can grow and improve over time, driving continuous improvement and adaptation to changing conditions and technology. This is the only practical way to tackle the problem – do the best you can do now, and then get better month-by-month and year-by-year.”

The Guide is comprised of a suite of documents built upon guidance in NIST IR 7628, NERC CIP, as well as other industry resources and standards. It is also based on Cigital’s cyber security risk management experience gained through 20 years of security consulting and research.

The goal was to create actionable, digestible, and practical guidance for electric utilities that would allow them to assess the existing maturity of their cyber security practices and technologies, and then build a plan for continuous improvement. Cyber security standards for the smart grid remain a moving target, but electric cooperatives are not waiting. The current approach to cyber security puts a stake in the ground and gives utilities something they can start with now.

The Cyber Security Toolkit can be found here.

See more on how Cigital is working to Securing the Smart Grid.

About Cigital

Cigital, Inc. is the leading software security consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client’s unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit: http://www.cigital.com.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com

“Even as Cigital expands service delivery throughout the world, we continue to focus plenty of attention on the thriving US market which continues to be an essential component of our growth strategy,” said John Wyatt, CEO of Cigital. “Together with Consciere we will expand our presence in the Northwest and broaden our existing software security services.”

Cigital’s acquisition of Consciere brings together two formidable thought leaders in security. Consciere co-founder Joel Scambray co-authored the best selling security book series Hacking Exposed. Cigital CTO Dr. Gary McGraw has authored twelve books, including best selling titles Exploiting Software and Software Security. Together, Cigital and Consciere will provide improved services to their combined customer lists and continue to assist them in making informed risk management decisions. Consciere is currently headquartered in Seattle, and serves clients throughout the US and Canada. Cigital has six offices throughout the world, including Washington, D.C., New York, London, Amsterdam, Santa Clara, and India.

“I’m very excited to combine Consciere’s capabilities and strong regional presence with Cigital’s deep technical bench, seasoned operations, and global reach,” said Joel Scambray, CEO, Consciere. “As I have watched computer security evolve and change over the last two decades, Cigital has clearly led the way in software security, helping CISO’s design, plan, and execute enterprise software security initiatives. I look forward to continuing to serve our customers with the greatly enhanced capabilities of the joined organizations.”

With this acquisition, Joel will continue to manage the Northwest, providing Consciere clients with a broad range of Cigital services aimed at building security in. Cigital will continue its expansion in the West and broaden its thought leadership capabilities.

About Cigital

Cigital, Inc. is the leading software security consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client’s unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit: http://www.cigital.com.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com

America’s Cyber Future: Security and Prosperity in the Information Age is a two-volume report created to help U.S. policymakers address the growing danger of cyber insecurity. It features accessible and insightful chapters on cyber security strategy, policy, and technology by some of the world’s leading experts on international relations, national security, and information technology.

Gary McGraw along with Nathaniel Fick, CNAS’s Chief Executive Officer, wrote Chapter III of Volume 2, Separating Threat from the Hype: What Washington Needs to Know about Cyber Security. When it comes to cyber security, it is hard even for experts to understand what is real and what is a cyber chimera. How much of what we are hearing about cyber war is driven by hype? How much of it is something that we need to worry about, and who should do the worrying? This chapter helps policymakers find their way through the fog and set guidelines to protect the best of the Internet and cyberspace, both from those who seek to harm it, and from those who seek to protect it but risk doing more harm than good. In McGraw and Fick’s view, cyber security policy must focus on solving the software security problem – fixing the broken stuff.

“It is high time we turned the discussion of cyber security in Washington from Cyber War to keeping the Cyber Peace,” said Dr. McGraw. “I am pleased to contribute to the discussion with a chapter focused on building security in. Working with a distinguished author and leader such as Nate Fick was a distinct pleasure.”

America’s Cyber Future: Security and Prosperity in the Information Age, edited by CNAS authors Kristin M. Lord and Travis Sharp and co-chaired by Robert Kahn, Mike McConnell, Joseph S. Nye Jr. and Peter Schwartz, includes 14 chapters by renowned experts on the most pertinent topics in cyber security. Download the report here.

About Cigital

Cigital, Inc. is the leading software security consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client’s unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit: http://www.cigital.com.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com

Dr. McGraw will be speaking on Software Security and the Building Security in Maturity Model (BSIMM). Using the framework described in one of his many books, Software Security: Building Security In, he will discuss and describe the state of the practice in software security. He will also describe the BSIMM, a project created by observing and analyzing real-world data from over 30 leading software security initiatives. The BSIMM helps to determine how a firm’s software security initiative compares to other firms’ software security initiatives and what steps can be taken to make an initiative more effective.

“Reaching out to developers and their leadership is critical to the success of software security as a field,” says Dr. McGraw. “Keynoting at SES is a great opportunity to engage directly with the development community gathered by IEEE Software and let them know what’s going on in software security and why it is important that they get involved. We have made some great progress in software security, but really we are only getting started.”

The Software Experts Summit, a high-level, one-day summit, focusing on “Managing the Pace of Innovation,” will include six information-packed sessions to help technology professionals gain knowledge of engaging and cutting-edge software engineering topics, such as: software security and the BSIMM initiative; innovation through composition-oriented engineering; software decisions under time pressures; software functionality fundamentals and best-practices. It is being sponsored by the IEEE Computer Society and IEEE Software magazine. To register and for more information, visit http://www.computer.org/ses11

Dr. McGraw is a globally recognized authority on software security and the author of eight best selling books on the topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press.

About Cigital

Cigital, Inc. is the leading software security consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client’s unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit: http://www.cigital.com.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com

Dr. McGraw will address computer science majors and graduate students at several colleges and universities in the upcoming months. Schools on the tour include: North Carolina State University, Swarthmore College, Bryn Mawr, UMASS Amherst, and Georgetown University. Dr. McGraw has already delivered lectures at the University of Virginia, Tufts, and Harvard in 2011. Students will get a chance to interact with a bone fide world expert in software security as he describes how to build security into software in order to avoid software exploit. McGraw will address security issues surrounding social networking, mobile devices, and cyber war weapons including Stuxnet.

Upcoming talks include:

North Carolina State University – March 28
Class Lecture and Departmental Colloquium: Software Security and the Building Security In Maturity Model

Swarthmore College and Bryn Mawr – April 8
Invited Talk: Attack Trends 2011

UMASS Amherst – April 28
Invited Talk: Why Software Security

Georgetown University – May 6
Invited Talk: Attack Trends 2011

“At Cigital we’re very much interested in getting students excited and involved with software security as early as possible,” said Dr. McGraw. “Cigital is growing quickly. We count on leading Universities and Colleges to produce future Cigital employees and thought leaders as software security expands worldwide.”

Early in 2011, Dr. McGraw met with students at University of Virginia, where he gave an informative class lecture and departmental colloquium. Likewise, on March 10, he delivered an invited talk to students at Harvard University and Tufts University on Attack Trends.

Dr. McGraw is a globally recognized authority on software security and the author of eight best selling books on the topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press.

About Cigital

Cigital, Inc. is the leading software security consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client’s unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit: http://www.cigital.com.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com

Dr. McGraw will discuss software security based on real-world data taken from the Building Software In Maturity Model (BSIMM), beginning with a keynote address at the SAP Quality Day on Monday, March 14, in Mannheim, Germany. On March 16, he will address IT professionals at CERN, the European Organization for Nuclear Research in Geneva, and he will talk about how to start and evolve software security initiatives at the Cigital Europe Roundtable discussion also being held in Geneva.

SAP Quality Day brings together industry leaders and experts in the field. Dr. McGraw will present a keynote address on “Software Security: State of the Practice 2011.” Using the framework described in his book, Software Security: Building Security In – built around the three pillars of software security: risk management, the touchpoints, and knowledge – he will talk about software security, the present state and the future.

“Software security is a rapidly expanding and increasingly important field. As the largest software security consultancy in the world, Cigital is pleased to see interest expanding in Europe,” says Dr. McGraw. “The European market is important to us strategically, and we are pleased to offer our most advanced services to leading European firms.”

At CERN, one of the world’s largest and most respected centers for scientific research, Dr. McGraw will discuss and describe the state of the practice in software security based on real-world data. This seminar is part of the CERN Computing Colloquia which presents future trends in computing and information technology that are of broad interest to the physics and computing community at CERN.

During Cigital’s Europe Roundtable, a discussion on how to manage software risk in a global enterprise, Dr. McGraw will talk about the BSIMM, which is designed to help understand, measure, and plan software security initiatives. The BSIMM was created by observing and analyzing real-world data from thirty-two leading software security initiatives, including a number of European firms, such as Nokia, Standard Life, SWIFT, Telecom Italia, and Thomson Reuters.

“Dr. McGraw is one of the best known software security experts in the world, making him an ideal speaker to address global issues facing leading European firms,” states Florence Mottay, Cigital Managing Principal. “We are honored to have him address the European market.”

Dr. McGraw is a globally recognized authority on software security and the author of eight best selling books on the topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press.

About Cigital

Cigital, Inc. is the leading software security consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client’s unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit: http://www.cigital.com.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com

Cigital speakers include:

Dr. Gary McGraw, Chief Technology Officer

Software Security: From Experts to Monkeys – Dr. Gary McGraw will lead this session as part of RSA’s Innovation Sandbox, a unique half-day program representing today’s best new security solutions. Peer-to-peer collaboration is crucial to solving information security challenges and jumpstarting the technologies that will shape the future of our industry. Innovation Sandbox brings together some of the industry’s most talented people for interactive white boarding sessions buzzing with excitement.
Monday, February 14

Cyber War: How We Learned to Stop Worrying and Love the Cyber Bomb – Moderated by Dr. Gary McGraw and sponsored by IEEE Security & Privacy. Dr. McGraw is a member of the program committee and assembled leading industry experts, from Invincea and Verizon to participate. The panel will discuss how Cyber War is a controversial subject with some experts arguing that the whole idea is overhyped while others argue that it is underappreciated. Who is right? Where do these ideas come from? What do they mean to information security and risk management professionals?
Wednesday, February 16, 8:30 AM

Never Say “Mobile Cloud Leak”: Hype-Free Security Chatter for the C-Suite – Dr. Gary McGraw and seasoned CSO, Jerry Archer of Sallie Mae discuss and debate the use of hot topics to sell security up the chain.
Wednesday, February 16, 11:10 AM

Jason Rouse, Principal Consultant

Security Basics Seminar – Jason Rouse, along with other leaders in the field, will teach this seminar and explain some of the most important security principles and technologies to new practitioners.
Monday, February 14, 8:30 AM

Alberto Revelli, Senior Consultant

Know Your Threats and Countermeasures: Improving Application Security – Through demos and lectures from Alberto Revelli and other industry experts, this session will discuss a variety of security issues as well as prevention techniques and countermeasures.
Monday, February 14, 8:30 AM

“RSA is always the place to be and be seen in security,” stated Dr. Gary McGraw. “Cigital is proud to play a larger role than ever in this year’s show.”

Cigital will also be featured in the Microsoft booth on the expo floor, showcasing our work with the Microsoft SDL Pro Network. For more information and to register for RSA, please visit http://www.rsaconference.com/2011/usa/index.htm.

About Cigital

Cigital, Inc. is the leading software security consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client’s unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit: http://www.cigital.com.

Contact:
Terri Randolph
Cigital
703-404-5757
trandolph@cigital.com