RSS

informIT
IEEE Security & Privacy
Dark Reading
IT Architect

Writings

I am pleased to write a monthly security opinion column for informIT. This column started life with CMP in IT Architect and Network magazines and was called "[In]security" back in October 2004. The column then transitioned into Web content for darkreading.com. Your feedback on the column through the Justice League blog is greatly appreciated.

I am also fortunate to have been the founding editor of the Building Security In Department of IEEE Security & Privacy magazine. John Steven and Gunnar Peterson currently edit the department. I believe this magazine is the best periodical in security, with both scientific accuracy, cutting edge technology, and real world relevance. Through a special offer, you can subscribe for only 29 bucks, and you don't have to join the IEEE. I can't recommend this more highly. Full disclosure: though the IEEE does not pay me for my services, I am on the Board of Governors of the IEEE Computer Society.

informIT article series

Other

Build Security In article series

These articles were all originally published in IEEE Security & Privacy. For more of Gary's publications, see our full listing of his available published articles.

Dark Reading article series

IT Architect (formerly Network Magazine) article series (PDF format)

Science

I began my career at Cigital as a research scientist, and Cigital Labs is still close to my heart. Though I am still active in the scientific research community and interact closely with Cigital Labs, I now spend most of my time helping to run Cigital.

In 1999, I was asked to chair the Infosec Research Council's Malicious Code Infosec Science and Technology Study Group. The result of that collaborative effort was a paper published in IEEE Software called Attacking Malicious Code: A Report to the Infosec Research Council. In 2009, this paper was chosen as one of IEEE Software's 25th-Aniversary Top Picks, meaning it was one of 35 recommended papers selected from a pool of over 1200.

I believe that giving back to academia is essential. I try to give academic talks at various schools as often as possible, with annual stops at: Stanford, Johns Hopkins, University of Virginia, North Carolina State University, Waterloo, and University of Maryland. If I am on the road for business reasons, I always seek out a great nearby school to visit. I also act as Advisor to the Computer Science Department at UC Davis and the Computer Science Department at the University of Virginia (where we are working on creating a BA in the College of Arts and Sciences). I serve on the Dean's Advisory Council of the School of Informatics at Indiana University.

In 2005, I was elected to a three year term on the Board of Governors of the IEEE Computer Society.

In 2009, we released the Building Security In Maturity Model (BSIMM). BSIMM is based on direct observation of nine successful software security programs including: Adobe, EMC, QUALCOMM, Google, Wells Fargo, Microsoft, and DTCC (plus two other financial services companies who shall remain un-named). The BSIMM provides a yardstick for software security. Download a copy for yourself and use it under the Creative Commons license.

Publications

My curriculum vita (PDF) includes a complete list of publications and lectures.

A Web-searchable listing of trade publications and research papers from Cigital is available through the Cigital website. All of my recent publications can be found there.

A large number of Java security trade publications can be found on the Java security Website

Pre-1996 papers are available in an out-of-date publications archive, where you can find abstracts and links to postscript files.

Cognitive science papers from the Center for Research on Concepts and Cognition (CRCC), where I did my graduate research, are available by ftp.

My completed thesis is available in multiple resolutions on my thesis page. Please feel free to send me questions and/or comments about what you see.

Copyright © 2010, Gary McGraw