I am very pleased when people notice my work and talk about it. Part of my life as a pundit is to help cut through security baloney and explain things as clearly as possible to normal people in every day language.
| 11/30/11 | Software [In]security: Third-Party Software and Security, InformIT. |
| 11/27/11 | In 2012, a mobile security minefield, CSO Online. |
| 10/31/11 | Software [In]security: Software Security Training , InformIT. |
| 10/26/11 | Web application risks exacerbated by social media ties, says ISACA, SearchSecurity.com. |
| 10/07/11 | Security Upgrades Needed With Growing Cyberwar Threats, PCWorld. |
| 10/04/11 | Developing IT risk management decision-making criteria an ongoing challenge, SearchSecurity.com. |
| 09/30/11 | SAFECode and the BSIMM: Two Paths to a Common Goal, SAFECode blog. |
| 09/30/11 | BSIMM3 Continues To Add Real-World Data to Security Maturity Model , Application Development Trends. |
| 09/29/11 | New BSIMM3 Guide Provides New Data On Secure Software Development, OnlySoftwareBlog. |
| 09/29/11 | New BSIMM3 Guide Provides New Data On Secure Software Development, DarkReading. |
| 09/28/11 | Multi-year study of real-world software security initiatives, Help Net Security. |
| 09/28/11 |  Gary McGraw on the BSIMM3 Data Release, Threatpost. |
| 09/27/11 | BSIMM3 launches today, CSO Online. |
| 09/27/11 | BSIMM3 Released: "An Excellent Tool for Devising a Software Security Strategy" , CyBlog. |
| 09/27/11 | Software [In]security: BSIMM3, InformIT. |
| 09/27/11 | BSIMM3 Release Doubles Software Security Measurement Data and Includes Measurements Over Time, Global Security Mag. |
| 09/27/11 | A Secure Software Development Lifecycle Model Matures, DeviceLine Blog. |
| 09/27/11 | A Secure Software Model Matures, Forbes.com. |
| 09/27/11 | Cigital BSIMM 3 study provides software security metrics data, SearchSecurity.com. |
| 09/14/11 | NKU to host top information security experts in pair of public talks Saturday and Monday , The Lane Report. |
| 09/13/11 | The Past, Present and Future of Software Security, Threatpost. |
| 09/13/11 | The Rise of Software Security, Slashdot. |
| 08/03/11 | New Microsoft BlueHat Prize offers $250,000 for security innovation, SearchSecurity.com. |
| 08/02/11 | Report on ‘Operation Shady RAT’ identifies widespread cyber-spying, Washington Post. |
| 07/21/11 | Software [In]security: Software Security Zombies, InformIT. |
| 07/07/11 | Simple Isn't Simple, Darkreading.com. |
| 06/10/11 | Secure coding news flash: BSIMM3 coming in August, CSO Online. |
| 06/08/11 | Banks replace SecurID tokens, FierceCIO. |
| 06/07/11 | Cigital acquires Consciere, brings in security vets, SearchSecurity.com. |
| 06/07/11 | RSA Faces Angry Users After Breach, New York Times. |
| 06/02/11 | While U.S. Plots Cyber Strategy, Experts See Obstacles Ahead, Threatpost. |
| 05/30/11 | Software [In]security: Computer Security and International Norms, InformIT. |
| 04/21/11 | Register for May 17 IEEE Computer Society Software Experts Summit, Digital Journal. |
| 04/12/11 | Software [In]security: vBSIMM (BSIMM for Vendors), InformIT . |
| 04/01/11 | Marcus Ranum and Gary McGraw talk about software security issues, Security. |
| 03/31/11 | Microsoft Cites Progress in SDL Report, Advocates More Adoption of ASLR, DEP, Threatpost. |
| 03/30/11 | Most Windows Applications Use Microsoft's DEP, DarkReading. |
| 03/30/11 | Microsoft cites software security progress despite sluggish ASLR support, SearchSecurity.com. |
| 03/22/11 | Software [In]security: Modern Malware, InformIT. |
| 03/15/11 | How to Mine Customer Data the Right Way, PCWorld. |
| 03/14/11 | BSIMM's European Tour, Application Development Trends. |
| 03/14/11 | Industry groups, businesses attempt security awareness training plan, SearchSecurity.com. |
| 03/09/11 | Keynote Speakers Announced for May 17 Software Experts Summit in Silicon Valley, Digital Journal. |
| 02/16/11 | IEEE Security & Privacy Cyberwar Panel at RSA Conference 2011, Computing Now. |
| 02/09/11 | Hotel Technology Event to Feature Top Speakers and Issues, Hospitality.net - Industry News. |
| 02/08/11 | New Funding, New Website, New Research, Dasient Blog. |
| 02/08/11 | Advanced Persistent Threat: Industrial Strength Hacking, Expert Voices Speaker Series. |
| 02/04/11 | Real Cyber Warfare: Carr’s Top Five Picks, Forbes.com. |
| 01/25/11 | Social Networking: Keeping It Clean, The Journal. |
| 01/09/11 | Security Awareness and Embedded Software, Making Life Easier - Ronald Landheer-Cieslak Blog. |
| 01/01/11 | Old information security challenges persist, SearchSecurity.com. |
| 12/15/10 | Security expert suggests demilitarizing cybersecurity, ZDNet. |
| 12/14/10 | Cracks in cyber security reveal gaping holes in our digital defenses, TechJournal South . |
| 12/02/10 | Talk of Cyber War: What is It Good for? Absolutely Nothing, Experts Say, The New New Internet (TNNI). |
| 12/02/10 | Wikileaks: Uncle Sam Was Warned, Threatpost. |
| 12/01/10 | Demilitarizing cybersecurity (Q&A), CNET. |
| 12/01/10 | McGraw and Arce on Cyberwar, 1 Raindrop. |
| 11/30/10 | Gary McGraw on Cyber War, Cyber FUD and Rhetoric, Threatpost. |
| 11/30/10 | Expert: BSIMM Can Help Enterprises Build Secure App Development Processes, DarkReading. |
| 11/26/10 | Sky News, Stuxnet and the End of the World, ComputerWeekly.com. |
| 10/12/10 | PCI Compliance Means Getting Your App Security Together , DarkReading. |
| 10/05/10 | Stuxnet: Fact vs. theory, CNET. |
| 10/01/10 | Defending Against Stuxnet Type Threats, Invincea. |
| 09/28/10 | All About Stuxnet, Six Lines blog. |
| 09/28/10 | How to Develop More Secure Software - Practices from Thirty Organizations, CERT podcast. |
| 09/27/10 | Stuxnet: An important change in the national security landscape, CTOvision.com. |
| 09/23/10 | Stuxnet Heralds New Generation of Targeted Attacks , DarkReading. |
| 09/22/10 | Most Third-Party Software Fails Security Tests, DarkReading. |
| 09/10/10 | What Adobe could learn from The Flying Wallendas, The Register. |
| 09/01/10 | It’s time to change... but how?, SDTimes. |
| 09/01/10 | Hack-Proof Dream?, ABA Journal. |
| 08/23/10 | Bejtlich on Silver Bullet Podcast, TaoSecurity. |
| 08/18/10 | HP’s Fortify Buyout Numbers Tell Lucrative Story For Software Security, Forbes. |
| 08/17/10 | HP's Fortify Acquisition: More Validation of Security in the App Dev Lifecycle, Application Development Trends. |
| 08/17/10 | Secure software Experts say it’s no longer a pipe, gagsandgiggles.com blog. |
| 08/06/10 | Real-World Software Security, Dr. Dobb's. |
| 07/07/10 | With about 12m paying customers, World of Warcraft Gold Blog. |
| 06/20/10 | Cyber War: Hype or Consequences?, UGN InfoManager. |
| 06/09/10 | McGraw's Advice to Programmers, Dr. InfoSec™ Blog. |
| 06/07/10 | Open-Source Could Mean an Open Door for Hackers, Technology by MIT Review. |
| 05/20/10 | Staff prefer Facebook to pay rises, says report, ComputerWorld UK. |
| 05/17/10 | Gary McGraw on software security research, SearchSecurity.com - Security Wire Weekly. |
| 05/13/10 | Cigital expands software security model, includes data from 30 major firms, SearchSecurity.com. |
| 05/13/10 | Real-world data on software security initiatives, Help Net Security. |
| 05/13/10 | Cigital expands software security model, includes data from 30 major firms, Hacking Expose. |
| 05/12/10 | Secure coders, take note: BSIMM2 released, CSO Online. |
| 05/12/10 | Leading Software Security Maturity Model Triples to Include More Real-World Data on Real Software Security Initiatives , EarthTimes. |
| 05/12/10 | Building Security In Maturity Model gets an Update, ComputerWeekly.com. |
| 05/12/10 | Gary McGraw on BSIMM2, Software Security and Cargo Cult Science, Threatpost. |
| 05/12/10 | Justice League - BSIMM2, My Security Planet Blog. |
| 05/12/10 | Does your secure software development measure up? See BSIMM, the Sequel, Security and Risk in the Real World - Neil Roiter Blog. |
| 05/12/10 | Evolving Rapidly, BSIMM2 Offers Key Elements of Successful Software Security Initiatives Shared by 30 Major Corporations, CyBlog: Security, Privacy and Mobility in the Information Age. |
| 05/12/10 | Gary McGraw on Developing Secure Software (Q&A), CNET. |
| 05/12/10 | Product Watch: 'Measuring Stick' For Software Security Gets An Update , DarkReading. |
| 05/12/10 | SAFECode and BSIMM: A Powerful Combination in the Work to Improve Software Security, SAFECode blog. |
| 05/12/10 | Measuring Software Security: BSIMM2 and Beyond, eSecurity Planet. |
| 05/12/10 | BSIMM2: Look Left, Look Right, GEEKONOMICS. |
| 05/12/10 | [WEB SECURITY] BSIMM2, Web Application Security Consortium . |
| 05/12/10 | Leading Software Security Maturity Model Triples to Include More Real-World Data on Real Software Security Initiatives, FOX Business. |
| 05/12/10 | New BSIMM report released..., MSDN blog. |
| 05/12/10 | BSIMM2, Justice League Blog. |
| 05/05/10 | How Bad Assumptions Are Making Software Less Secure, Forbes. |
| 05/01/10 | The Debate Over Social Media at the Office, Entrepreneur Magazine. |
| 04/22/10 | Hackers and Social Networking: A Love Story, TechNewsWorld. |
| 04/09/10 | Securing the smart grid, cnet. |
| 04/01/10 | Game developers battle cheaters in a virtual world, Orlando Sentinel. |
| 04/01/10 | OWASP Top 10 vulnerabilities list adds risk to equation, Information Security Magazine. |
| 03/31/10 | Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods, DarkReading. |
| 03/27/10 | Pokerstars RNG Certified, RecentPoker.com. |
| 03/24/10 | Promoting the CS at trade shows, Inside the Computer Society (IEEE Computer Society). |
| 03/18/10 | Warren Axelrod on Banking Information Security Exclusive Interview on Trends, Threats and Priorities, BankInfoSecurity. |
| 03/07/10 | Exploiting Online Games: Cheating Massively Distributed Systems, Blizz Hackers blog. |
| 03/04/10 | How a process model can help bring security into software development, Government Computer News. |
| 03/02/10 | RSA 2010: Lifestyle Hacking -- Notes on "Social Networks & Gen Y Meet Security & Privacy", CyBlog. |
| 03/02/10 | Hot topic at RSA: The pitfalls and promise of social networking, Infosecurity. |
| 02/23/10 | Sprechen Sie SSL?, News from the Lab. |
| 02/19/10 | Proposal Would Hold Software Developers Accountable For Security Bugs, InformationWeek. |
| 02/18/10 | New York State holds software developers accountable, Infosecurity. |
| 02/18/10 | Infrastructure vs. Application Security Spending, Jeremiah Grossman. |
| 02/18/10 | Legal Liability For Faulty Code, Mark Hess' Behind The Lines. |
| 02/17/10 | Morning Security Brief: Cyberdisaster Exercise, Software Security, Pandemic Tools, and More, Security Management. |
| 02/16/10 | Group Proposes Suits Over Faulty Code, Gov Info Security. |
| 02/16/10 | SANS Institute, MITRE release new top 25 dangerous coding errors list, SearchSecurity.com. |
| 02/16/10 | Top 25 Programming Errors: Should Software Developers be Liable?, Bank Info Security. |
| 02/16/10 | Hold vendors liable for buggy software, group says, Computer World. |
| 02/16/10 | 25 ways to better secure software from cyber attacks, Scientific American Observations. |
| 02/16/10 | Security agencies release Top 25 programming errors, Washington Technology. |
| 02/16/10 | Proposal Would Hold Software Developers Accountable For Security Bugs, Dark Reading. |
| 02/16/10 | Hold Vendors Liable for Buggy Software, Group Says, CIO. |
| 02/12/10 | Improving software with the Building Security in Maturity Model (BSIMM), SearchSecurity.com. |
| 02/09/10 | Microsoft, Google split over browser bug bounty, Insecurity Complex (cnet news). |
| 02/08/10 | Trailer: The New Face of Cybercrime, Internet SecuritT Group. |
| 02/03/10 | DHS Takes Steps In The Right Direction, Gartner Blog Network. |
| 02/01/10 | In their words: Experts weigh in on Mac vs. PC security, Insecurity Complex (cnet news). |
| 01/28/10 | BSIMM: A Descriptive Model of Software Security, good code. |
| 01/27/10 | David Rice on Silver Bullet Security Podcast with Gary McGraw, Geekonomics. |
| 01/26/10 | Books you need to buy 3, Rock'n'Roll Programming. |
| 01/21/10 | Special Webcast: The Impact of BSI-MM in Software Development Programs, GEEKONOMICS. |
| 01/20/10 | The Building Security In Maturity Model, CERIAS Security Seminar Podcast. |
| 01/18/10 | SANS Application Security Summit 2010, GEEKONOMICS. |
| 01/04/10 | Software Security – An interview with Dr. Gary McGraw, Imperva Security Podcasts. |
| 12/31/09 | Building Security In Maturity Model, RiskPundit. |
| 12/30/09 | The All-Decade Interview Team, threatpost. |
| 12/30/09 | Fun Reading on Security and Compliance #22, Anton Chuvakin Blog - "Security Warrior". |
| 12/28/09 | Web Application Security Podcasts, Secweb.nerd.it blog. |
| 12/23/09 | Exploiting Online Games: Cheating Massively Distributed Systems, Security Reading Room Blog. |
| 12/15/09 | SANS Institute to Host First Annual Application Security Focused Event and Summit, JAVA Developer's Journal. |
| 12/13/09 | Coding gems 11-20, Confessions of a Chief Home Officer. |
| 12/05/09 | Lifestyle Hacking, WSVG Tech Blog. |
| 12/01/09 | Silver Bullet Talks with Fred Schneider, IEEE SECURITY & PRIVACY. |
| 11/23/09 | looking out for lifestyle hackers in the workplace, terminal 23. |
| 11/18/09 | Bring Your Computer to Work Day?, 1 Raindrop. |
| 11/13/09 | Best practices in information security, Continuity Central. |
| 11/13/09 | Interested in application (code) security?, Bloor. |
| 11/12/09 | Fortify Software: New Study Provides Real-World Data on Leading Software Security Initiatives in Europe, TradingMarkets.com. |
| 11/12/09 | Differences between EU and US attitudes to application security detailed in new report, SC Magazine. |
| 11/12/09 | Cigital, Fortify tailor security model for Europe, SD Times. |
| 11/12/09 | New Study Provides Real-World Data on Leading Software Security Initiatives in Europe; First-ever European Maturity Model Details Success of SWIFT, Nokia and others, TMCnet.com. |
| 11/11/09 | Real-world data on software security initiatives, Help Net Security. |
| 11/11/09 | BSIMM Europe, Minded Security Blog. |
| 11/11/09 | BSIMM Europe, Off by On. |
| 11/10/09 | Hot-or-Not sessie over software security, Beveiliging Nieuws. |
| 11/10/09 | From Biometrics to BSIMM , & "50 Hurricanes Hitting At Once!" -- A Report on the Sixth Annual Partners Conference, CyBlog: Security, Privacy and Mobility in the Information Age. |
| 11/06/09 | Gary McGraw on Software Security, the BSIMM Model and Critical Thinking, Digital Underground podcast. |
| 11/06/09 | Gary McGraw on Software Security, the BSIMM Model and Critical Thinking, Gary McGraw on Software Security, the BSIMM Model and Critical Thinking. |
| 11/05/09 | Journal: Out of Touch with Reality I, Public Intelligence Blog. |
| 11/04/09 | Lifestyle Hackers: o desafio da Net Generation, Miguel Almeida. |
| 11/03/09 | Lifestyle Hackers, Hack in the Box. |
| 11/03/09 | The new insider threat - lifestyle hackers, RiskPundit. |
| 11/03/09 | Lifestyle Hackers, Hayes on Security. |
| 11/02/09 | Hacking Is A Way Of Life, Dark Reading. |
| 11/02/09 | Lifestyle Hackers, LinuxSecurity.com. |
| 11/09 | Fortify: New Study Provides Real-World Data on Leading Software Security Initiatives in Europe, Global Security Mag. |
| 10/27/09 | Leer denken als een hacker en programmeren als een security expert, engineersonline.nl. |
| 10/24/09 | Hoff on Silver Bullet Podcast, SecuObs.com. |
| 10/24/09 | Hoff on Silver Bullet Podcast, 1 Raindrop. |
| 10/24/09 | Cigital’s Gary McGraw talks cloud security with Chris Hoff, IT Knowledge Exchange. |
| 10/22/09 | Web application firewall use goes beyond compliance, company finds, SearchSecurity.com. |
| 10/22/09 | Sicurezza Open, Il sole 24 ore. |
| 10/20/09 | New Lecture Series Centers on Security Issues, UA News. |
| 10/12/09 | Exploiting Online Games, TEEYAI's Blog. |
| 10/09/09 | Reality Check, 1 Raindrop. |
| 10/08/09 | Cigital, SANS Institute Roll Out Software Security Self-Measurement With BSIMM, DarkReading. |
| 09/25/09 | Benchmarking Security – Are We Safe Yet?, John Pescatore (Gartner Blog Network). |
| 09/17/09 | Is SQL Password Vulnerability A Real Threat?, Redmond Developer News. |
| 09/16/09 | Silver Bullet Security Podcast: Fred Schneider, Computing Now (IEEE Computer Society Newsletter). |
| 09/15/09 | Information Security Summit 2009 - Overview, Gartner. |
| 08/18/09 | SQL Injection continues to trouble firms, lead to breaches, SearchSecurity.com. |
| 07/27/09 | Book Review: Exploiting Online Games, 404 Tech Support. |
| 07/21/09 | Silver Bullet Podcast Interviews Bob Blakley, Burton Group Blogs: Security and Privacy. |
| 07/08/09 | Suspicion Centers on N. Korea in DoS Blitz but No Smoking Gun, TechNewsWorld. |
| 07/01/09 | Gov't official: We're serious about cybersecurity this time, ITworld. |
| 06/25/09 | The Value of Static Analysis Tools, Building Real Software. |
| 06/22/09 | From computer determinism to real world indeterminism, Thinking Inside a Bigger Box. |
| 06/20/09 | Q&A: Twitter And Clouds, Dr. Dobb's. |
| 06/19/09 | Developing Secure Applications, Data Manager Online. |
| 06/10/09 | How Microsoft Influenced Adobe Security In a Good Way, ComputerWorld. |
| 06/05/09 | Summer Reading for Security Pros: Schneier or Sagan?, CSO Online. |
| 06/03/09 | PayPal Software Security Podcast, cgisecurity.com. |
| 06/02/09 | Xbox: Integrating Social Networks, ESET Threat Blog. |
| 05/10/09 | CyLab Business Risks Forum: Gary McGraw on Online Games, Electronic Voting and Software Security, CyBlog. |
| 04/27/09 | Gary McGraw Interviews Virgil Gligor on Software Security and Other Vital Issues, CyLab news. |
| 04/24/09 | Hacking in online games a widespread problem, FierceCIO TechWatch (also: cnet). |
| 04/23/09 | Top Cybersecurity Official Spurs White House to Take Lead, TechNewsWorld. |
| 04/23/09 | Hacking online games a widespread problem, cnet news. |
| 04/22/09 | RSA: The fundamental challenge of security versus privacy, SC Magazine. |
| 04/22/09 | Denim Group Mention in InformIT Article on Software Security Industry Trends, Denim Group. |
| 04/22/09 | Experts call for better measurement of security, threatpost: digital underground. |
| 04/20/09 | Secure software? Experts say it's no longer a pipedream, cnet security news. |
| 04/19/09 | Brian Chess and Gary McGraw AND-401: Building Security In Maturity Model (BSIMM), RSA Conference 365. |
| 04/17/09 | Gary McGraw FEA-105: Surveillance: Security, Privacy and Risk and HT2-303: Exploiting Online Games, RSA Conference 365. |
| 04/16/09 | RSA 2009, SecurityCurve. |
| 04/14/09 | RSA panel to discuss surveillance, privacy concerns, SearchSecurity.com. |
| 04/08/09 | Building Security In Maturity Model (BSIMM), (ISC)2 Blog. |
| 04/07/09 | Software [In]security: Nine Things Everybody Does: Software Security Activities from the BSIMM, threatpost Punditry. |
| 04/07/09 | IEEE Security & Privacy Magazine Sponsors Surveillance Panel at RSA, PR Newswire (press release). |
| 04/06/09 | Building Security In, Maturely, Emergent Chaos. |
| 04/03/09 | Brad’s Reality Check Interview, ASSET (Adobe blog). |
| 04/01/09 | Een maturiteitsmodel voor software security, IT Professional. |
| 03/31/09 | Conficker Fears Create Fertile Ground for Other Scammers, TechNewsWorld. |
| 03/31/09 | An Experience-Based Maturity Model for Software Security, CERT Podcast. |
| 03/27/09 | BSIMM lays out security blueprint, SDTimes. |
| 03/27/09 | The He Got Game Rule, 1 Raindrop. |
| 03/25/09 | It B-SIMM-ply Marvelous!, Enterprise Security Blog. |
| 03/23/09 | SDWest, SDBestPractices, SDArch&Design: RIP, 1975 - 2009, The Blog Ride. |
| 03/17/09 | First Data-Based Security Maturity Model Released, Visual Studio Magazine (also: Redmondmag.com). |
| 03/17/09 | How to Write Apps Without the Security Sinkholes, CSO Online's Security Insights (podcast). |
| 03/17/09 | First Data-Based Security Maturity Model Released, Application Development Trends. |
| 03/13/09 | Microsoft on ‘Building Security In Maturity Model’, Ruminations on Architecture and Security. |
| 03/13/09 | Fortify & Cigital Release BSIMM -- Integrating Best Practices from Nine Software Security Initiatives, CyBlog. |
| 03/12/09 | Software Security Model – BSI-MM released, Mike Andrews. |
| 03/12/09 | Building Security In Maturity Model, The Security Development Lifecycle (MSDN). |
| 03/12/09 | New report offers low-down on secure develoment, Network World. |
| 03/11/09 | New report offers low-down on secure develoment, Techworld.com. |
| 03/11/09 | Application Security is Journey, Not a Destination, Security Incite. |
| 03/10/09 | Obama's New Tech Czar, BusinessWeek. |
| 03/10/09 | Maturity model offers software security yardstick, Computer Business Review (also: Computer World UK). |
| 03/10/09 | Modelo de Maturidade para Segurança de Software (translate), marcelosouza.com. |
| 03/10/09 | A New Hope for Software Security?, Network World (also: CSO Online). |
| 03/09/09 | Political Turf Wars Drive Out US Cybersecurity Chief, TechNewsWorld. |
| 03/09/09 | Building Security In Maturity Model Partly Applies to Detection and Response, TaoSecurity. |
| 03/06/09 | BSI-MM est arrivé!, 1Raindrop. |
| 03/06/09 | CAG, BSIMM and field-assessed security, Security Balance. |
| 03/06/09 | Fortify, Cigital Release Software Security Program Benchmarks, Dark Reading. |
| 03/06/09 | Risks Digest 25.60, RISKS. |
| 03/05/09 | Benchmarks for developing and growing an enterprise-wide software security program, Help Net Security. |
| 03/05/09 | Build Security In Maturity Model Released, Web Security Testing Cookbook blog. |
| 03/05/09 | Building Security In Maturity Model, Sylvan von Stuppe. |
| 03/05/09 | BSIMM: Maturing the process of Building Security In., SilverStr's Blog. |
| 03/05/09 | BSIMM lives, SC-L. |
| 03/04/09 | The Building Security In Maturity Model (BSIMM), Dr. InfoSec. |
| 03/04/09 | New Effort Hopes to Improve Software Security, The Wall Street Journal Blog: Digits. |
| 02/16/09 | 锁好数据防盗门 走出安全误区, (translate) cnet China. |
| 02/16/09 | Why top lists don’t work, SearchSecurity.com podcast. |
| 02/11/09 | Enterprise Architecture: What is a worst practice in your organization?, Enterprise Architecture: From Incite comes Insight.... |
| 02/09/09 | SQL injection attacks targeting Flash, JavaScript errors, SearchSecurity.com. |
| 02/03/09 | Silver Bullet Security Podcast, 1 Raindrop. |
| 02/03/09 | Book Review: Exploiting Software - How to Break Code, 404 Tech Support. |
| 01/20/09 | Source Code Analysis Tools: How to Choose and Use Them, CSO Online (also: ComputerWorld). |
| 01/20/09 | Spécial sécurité : politique et malware, mélange sulfureux, LeMagIT (English translation). |
| 01/19/09 | Fuzzing Is Still Widely Unknown, ITworld. |
| 01/19/09 | Are vulnerability lists helpful?, SearchSecurity.com Security Squad podcast. |
| 01/15/09 | Gary McGraw's Reality Check Security Podcast, The Security Development Lifecycle. |
| 01/15/09 | Should states lead the charge for secure application development?, SearchSecurity.com. |
| 01/15/09 | OWASP Podcast Series #5. |
| 01/12/09 | Reality Check, Off by On. |
| 01/12/09 | Protection Poker, Emergent Chaos. |
| 01/08/09 | Gary McGraw and Steve Lipner, Emergent Chaos. |
| 01/07/09 | Fuzzing Is A Surprise To Some, But Not To Us - Right?, Fuzzing. |
| 11/28/08 | TOP PC, Internet, Information Security & Identity Management Blogs!, CEOWORLD Magazine. |
| 11/21/08 | Cheating, security, & theft in virtual worlds and online games, GranneBlog. |
| 11/18/08 | The Economics of Finding and Fixing Vulnerabilities in Distributed Systems, 1 Raindrop. |
| 11/13/08 | Book meme, Bleadof's world of tinkering. |
| 11/04/08 | Lecture 07 , UCB CS 294-22 Web Security. |
| 10/20/08 | Browsers getting harder and harder to secure, SearchSecurity. |
| 10/17/08 | The Untapped Open Source Online Gaming Opportunity, TechNewsWorld. |
| 10/16/08 | What Videogames Teach Us About Security, Forbes.com (also: CBC News, Gamefan blog, Game Hype, cgisecurity.com, Rupeesmatter.com, Sify) |
| 10/15/08 | Browser security a concern for website development, SearchSoftwareQuality.com. |
| 09/22/08 | New “Likes and Dislikes”- Based RavenWhite Password Protection Technique Helps Consumers and Businesses Thwart Email Hackers, Business Wire. |
| 09/18/08 | Top 10 Tricks to exploit SQL Server Systems, ultimate windows and pc tips tricks tweaks and hacks. |
| 09/16/08 | The Chosen, System Advancements at the Monastery. |
| 09/16/08 | Twenty cans of worms on the wall … (The Greek Hackers vs CERN Saga), Cyberpunk as a commodity. |
| 09/05/08 | Don't ignore internal security (and don’t write passwords on Post-it's), CIO Symmetry. |
| 09/05/08 | Think like a hacker (and other World of Warcraft-inspired musings), TotalCIO. |
| 09/03/08 | Multiplayer online games pose threat, FierceCIO. |
| 09/08 | New Exploits at Black Hat (sidebar: "Microsoft Lays out Security MAPP"), Redmond Developer News. |
| 08/29/08 | Cybercrime Gets Its Game On, Forbes. |
| 08/25/08 | Software Security Market, 1 Raindrop. |
| 08/20/08 | Gary McGraw and Julia Allen: How to Start a Secure Software Development Program, CERT Podcast Series. |
| 08/19/08 | Security outbreaks an insight 2008, Ammasajan's Weblog. |
| 08/18/08 | IT School to Watch: Indiana University, ComputerWorld. |
| 08/12/08 | Software security is all grown up (or at least walking on its own), Security Bytes. |
| 08/12/08 | Space Race, The Secure Software Zone. |
| 08/12/08 | Best of the Web (August 2008), Dark Reading. |
| 08/11/08 | Denim Group Mention from Gary McGraw, Denim Group blog. |
| 08/08/08 | Daniel Suarez - Daemon: Bot-Mediated Reality, The Long Now Foundation. |
| 08/02/08 | 锁好数据防盗门 走出安全误区 (translation), IT168.com. |
| 08/01/08 | Zero tolerance for bugs, SD Times. |
| 07/31/08 | The state of software security, SearchSecurity.com. |
| 07/25/08 | Getting Started - put Security into your SDLC, ePrivacyAwareness. |
| 07/16/08 | Forrester Research Security Forum 2008, September 4-5, 2008 in Boston (press release), TradingMarkets.com. |
| 07/07/08 | Microsoft Talks Up SDL, Application Development Trends. |
| 07/08 | In Plain Text: Exploiting Online Games, Security Management. |
| 06/30/08 | Exploting Online Games, Rev Dan Catt (reader review). |
| 06/27/08 | Review: Exploiting Online Games Computing Reviews (subscription required). |
| 06/24/08 | Yikes! Vista Security to be Obliterated!, David LeBlanc's Web Log. |
| 06/17/08 | Rise of managed security services, Security Squad podcast (13 min. in). |
| 06/11/08 | Financial Services Lead Spend in $650m Software Security Industry, A-TeamGroup. |
| 06/10/08 | Network Security Podcast, Episode 107. |
| 06/06/08 | Gary McGraw on secure software development, SearchSecurity.com. |
| 06/06/08 | Gary McGraw on secure software development, SearchSecurity.com. |
| 06/04/08 | Protecting the Critical Infrastructure: Beware of Crimeware, BlogInfoSec.com. |
| 05/29/08 | Cigital's Gary McGraw's Monthly Security Column Moves To InformIT, redOrbit. |
| 05/07/08 | Newspapers - Yesterday's News for Yesterday's People, 1 Raindrop. |
| 05/08 | In Search of Trust, Redmond Developer News. |
| 04/29/08 | What tech book are you reading right now?, Blogus Maximus. |
| 04/24/08 | Payment Card Industry standard under attack?, SD Times. |
| 04/07/08 | Addison-Wesley Professional Showcases The New School of Information Security at RSA 2008, press release. |
| 03/18/08 | The oldest debate: Cheating, Level 1 Wizard. |
| 03/17/08 | Seven categories of software security flaws, ComputerWeekly.com. |
| 03/17/08 | Making software secure from first principles, ComputerWeekly.com. |
| 03/12/08 | Criminals step into virtual world, The Gazette (Canada). |
| 02/19/08 | HiR Reading Room: Hakin9 Magazine, HiR Information Report. |
| 02/18/08 | Top 10 Podcast Episodes, Eon Security Blog. |
| 02/11/08 | 15th Annual Network and Distributed System Security Symposium, Supported by the Internet Society, Brings Together Internet Security Experts From Around the Globe, Centre Daily Times. |
| 02/07/08 | Exploiting Online Games, HiR Information Report. |
| 02/06/08 | Haxx0ring 4tw, The Joshua Tree. |
| 02/08 | Improving Software Quality, Software Quality Assurance Engineering. |
| 01/31/08 | The Daily Incite - January 31, 2008, Security Incite. |
| 01/28/08 | Do you see seven misunderstanding Zhendong network security (translated), CSDN. |
| 01/20/08 | Online Game Security, UW Computer Security Course Blog. |
| 01/18/08 | Information security makes the silver screen, Security Bites. |
| 01/16/08 | The State of Security in MMORPGs, Slashdot. |
| 01/16/08 | MMORPG Security, WarCry Network. |
| 01/15/08 | The Daily Incite, Security Incite. |
| 01/12/08 | Top 10 Tricks to exploit SQL Server Systems, Hacking Truths. |
| 01/10/08 | Hacking & the Academy Awards, DarkReading. |
| 01/10/08 | Software Security News, System Advancements at the Monastery. |
| 01/09/08 | Film highlights impact of cybercrime, Engineer Live. |
| 01/08/08 | Freedom to Tinker's 2008 Predictions, Securology blog. |
| 01/07/08 | The Daily Incite, Security Incite. |
| 01/07/08 | Trailer: The New Face of Cybercrime |
| 01/02/08 | Top IT Conversations Shows for December 2007, Phil Windley's Technometria. |
| 01/01/08 | Security researchers warn of dangers in online games, Massively. |
| 01/08 | Best Practices to Secure Your Code, Microsoft Certified Professional Magazine (also: Redmond Developer News). |
I welcome press contact and continue to interact with the press on a regular basis.
