
Gary McGraw

Gary McGraw, Ph.D.
CTO, Cigital

company: www.cigital.com
podcast: www.cigital.com/silverbullet
blog: www.cigital.com/justiceleague
book: www.swsec.com
personal: www.cigital.com/~gem

Gary McGraw is the CTO of Cigital, Inc., a software security consulting firm with headquarters in the Washington, D.C. area and offices throughout the world. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Dasient, Fortify Software (acquired by HP), Invincea, and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean’s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT).

1.
Software [In]security: vBSIMM Take Two (BSIMM for Vendors Revised)
Jan 26, 2012
2.
Software [In]security: BSIMM versus SAFECode and Other Kaiju Cinema
Dec 26, 2011
3.
Software [In]security: Third-Party Software and Security
Nov 30, 2011
4.
Software [In]security: Software Security Training
Oct 31, 2011
5.
Software [In]security: BSIMM3
Sep 27, 2011
6.
Software [In]security: Balancing All the Breaking with some Building
Aug 30, 2011
7.
Software [In]security: Software Security Zombies
Jul 21, 2011
8.
Software [In]security: Partly Cloudy with a Chance of Security
Jun 17, 2011
9.
Software [In]security: Computer Security and International Norms
May 30, 2011
10.
Software [In]security: vBSIMM (BSIMM for Vendors)
Apr 12, 2011
11.
Software [In]security: Modern Malware
Mar 22, 2011
12.
Software [In]security: Software Patents and Fault Injection
Feb 28, 2011
13.
Software [In]security: Comparing Apples, Oranges, and Aardvarks (or, All Static Analysis Tools Are Not Created Equal)
Jan 31, 2011
14.
Software [In]security: Driving Efficiency and Effectiveness in Software Security
Dec 29, 2010
15.
Software [In]security: Cyber Warmongering and Influence Peddling
Nov 24, 2010
16.
Software [In]security: Technology Transfer
Oct 26, 2010
17.
Software [In]security: How to p0wn a Control System with Stuxnet
Sep 23, 2010
18.
Software [In]security: Software Security Crosses the Threshold
Aug 16, 2010
19.
Software [In]security: Obama Highlights Cyber Security Progress
Jul 16, 2010
20.
Software [In]security: Cyber War - Hype or Consequences?
Jun 17, 2010
21.
Software [In]security: BSIMM2
May 12, 2010
22.
Software [In]security: Assume Nothing
Apr 30, 2010
23.
Software [In]security: The Smart (Electric) Grid and Dumb Cybersecurity
Mar 26, 2010
24.
Software [In]security: What Works in Software Security
Feb 26, 2010
25.
Software [In]security: Cargo Cult Computer Security
Jan 28, 2010
26.
Software [In]security: You Really Need a Software Security Group
Dec 21, 2009
27.
Software [In]security: BSIMM Europe
Nov 10, 2009
28.
Software [In]security: Startup Lessons
Oct 22, 2009
29.
Software [In]security: BSIMM Begin
Sep 24, 2009
30.
Software [In]security: Attack Categories and History Prediction
Aug 25, 2009
31.
Software [In]security: Moving U.S. Cybersecurity Beyond Cyberplatitudes
Jul 16, 2009
32.
Software [In]security: Measuring Software Security
Jun 18, 2009
33.
Software [In]security: Twitter Security
May 15, 2009
34.
Software [In]security: Software Security Comes of Age
Apr 16, 2009
35.
Software [In]security: The Building Security In Maturity Model (BSIMM)
Mar 16, 2009
36.
Software [In]security: Nine Things Everybody Does: Software Security Activities from the BSIMM
Feb 9, 2009
37.
Software [In]security: Top 11 Reasons Why Top 10 (or Top 25) Lists Don’t Work
Jan 13, 2009
38.
Software [In]security: Software Security Top 10 Surprises
Dec 15, 2008
39.
Software [In]security: Web Applications and Software Security
Nov 14, 2008
40.
Software [In]security: A Software Security Framework: Working Towards a Realistic Maturity Model
Oct 15, 2008
41.
Software [In]security: Getting Past the Bug Parade
Sep 17, 2008
42.
Software [In]security: Software Security Demand Rising
Aug 11, 2008
43.
Software [In]security: Application Assessment as a Factory
Jul 17, 2008
44.
Software [In]security: DMCA Rent-a-cops Accept Fake IDs
Jun 12, 2008
45.
Why Is Security a Software Issue?
Jun 2, 2008
46.
Software [In]security: Securing Web 3.0
May 15, 2008
47.
Software [In]security: Paying for Secure Software
Apr 7, 2008
48.
Game Hacking 101
Nov 21, 2007
49.
The Role of Architectural Risk Analysis in Software Security
Mar 3, 2006
50.
Reverse Engineering and Program Understanding
Dec 23, 2004
51.
Security Expert Gary McGraw on Black Hats, the U.S. Government, and Good vs. Evil
Jun 11, 2004
52.
Introduction to Software Security
Nov 2, 2001
53.
Building Secure Software: Race Conditions
Nov 2, 2001
1.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 037 - An Interview with Virgil Gligor
Apr 24, 2009
2.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 036 - An Interview with Gary McGraw (by James McGovern)
Mar 20, 2009
3.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 035 - An Interview with Daniel Suarez
Feb 26, 2009
4.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 034 - An Interview with Bill Brenner
Jan 24, 2009
5.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 033 - An Interview with Laurie Williams
Jan 23, 2009
6.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 032 - An Interview with Jeremiah Grossman
Nov 18, 2008
7.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 031 - An Interview with Matt Bishop
Oct 25, 2008
8.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 030 - An Interview with Ken van Wyk
Oct 8, 2008
9.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 029 - An Interview with Dennis Fisher
Aug 21, 2008
10.
OnSecurity (Audio + Video): How to Start a Secure Software Development Program (audio)
Aug 20, 2008
11.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 028 - An Interview with Bill Cheswick (Audio)
Jul 15, 2008
12.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 027 - An Interview with Gunnar Peterson (Audio)
Jun 18, 2008
13.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 026 - An Interview with Adam Shostack (Audio)
May 16, 2008
14.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 025 - An Interview with Jon Swartz (Audio)
Apr 18, 2008
15.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 024 - An Interview with Mary Ann Davidson (Audio)
Mar 14, 2008
16.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 023 - An Interview with Chris Wysopal (Audio)
Feb 19, 2008
17.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 022 - An Interview with Ed Amoroso (Audio)
Jan 23, 2008
18.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 021 - A Panel Discussion with Cigital’s Principals (Audio)
Dec 21, 2007
19.
OnSecurity (Audio + Video): Software Security and Cybercrime (video)
Dec 19, 2007
20.
OnSecurity (Audio + Video): Software Security: Building Security In (video)
Dec 12, 2007
21.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 020 - An Interview with Markus Jakobsson (Audio)
Nov 16, 2007
22.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 019 - An Interview with Mikko Hyppönen (Audio)
Oct 18, 2007
23.
OnSecurity (Audio + Video): Breaking Barriers to Security Implementation (video)
Oct 17, 2007
24.
OnSecurity (Audio + Video): The Implicit Demand of Software Security (video)
Oct 10, 2007
25.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 018 - An Interview with Eugene Spafford (Audio)
Sep 25, 2007
26.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 017 - An Interview with Eric Cole (Audio)
Aug 24, 2007
27.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 016 - An Interview with Greg Hoglund (Audio)
Jul 12, 2007
28.
OnSecurity (Audio + Video): Online Gaming and Criminality (video)
Jul 3, 2007
29.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 015 - An Interview with Annie Antón (Audio)
Jun 19, 2007
30.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 014 - An Interview with Peter Neumann (Audio)
May 22, 2007
31.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 013 - An Interview with Ross Anderson (Audio)
Apr 13, 2007
32.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 012 - An Interview with Becky Bace (Audio)
Mar 13, 2007
33.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 011 - An Interview with Dorothy Denning (Audio)
Feb 15, 2007
34.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 010 - A Panel Discussion with Fortify Software’s Technical Advisory Board (Audio)
Jan 22, 2007
35.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 009 - An Interview with Bruce Schneier (Audio)
Dec 14, 2006
36.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 008 - An Interview with Brian Chess (Audio)
Nov 17, 2006
37.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 007 - An Interview with John Stewart (Audio)
Oct 25, 2006
38.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 006 - An Interview with Michael Howard (Audio)
Sep 28, 2006
39.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 005 - An Interview with Ed Felten (Audio)
Aug 28, 2006
40.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 004 - An Interview with Dana Epp (Audio)
Jul 31, 2006
41.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 003 - An Interview with Marcus Ranum (Audio)
Jul 14, 2006
42.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 002 - An Interview with Dan Geer (Audio)
Jun 12, 2006
43.
The Silver Bullet Security Podcast with Gary McGraw (Audio): Show 001 - An Interview with Avi Rubin (Audio)
Apr 19, 2006
