Gary McGraw

Gary McGraw, Ph.D.
CTO, Cigital

company: www.cigital.com
podcast: www.cigital.com/silverbullet
blog: www.cigital.com/justiceleague
book: www.swsec.com
personal: www.cigital.com/~gem

Gary McGraw is the CTO of Cigital, Inc., a software security consulting firm with headquarters in the Washington, D.C. area and offices throughout the world. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Dasient, Fortify Software (acquired by HP), Invincea, and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean’s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT).

1. Software [In]security: vBSIMM Take Two (BSIMM for Vendors Revised)
   Jan 26, 2012
2. Software [In]security: BSIMM versus SAFECode and Other Kaiju Cinema
   Dec 26, 2011
3. Software [In]security: Third-Party Software and Security
   Nov 30, 2011
4. Software [In]security: Software Security Training
   Oct 31, 2011
5. Software [In]security: BSIMM3
   Sep 27, 2011
6. Software [In]security: Balancing All the Breaking with some Building
   Aug 30, 2011
7. Software [In]security: Software Security Zombies
   Jul 21, 2011
8. Software [In]security: Partly Cloudy with a Chance of Security
   Jun 17, 2011
9. Software [In]security: Computer Security and International Norms
   May 30, 2011
10. Software [In]security: vBSIMM (BSIMM for Vendors)
    Apr 12, 2011
11. Software [In]security: Modern Malware
    Mar 22, 2011
12. Software [In]security: Software Patents and Fault Injection
    Feb 28, 2011
13. Software [In]security: Comparing Apples, Oranges, and Aardvarks (or, All Static Analysis Tools Are Not Created Equal)
    Jan 31, 2011
14. Software [In]security: Driving Efficiency and Effectiveness in Software Security
    Dec 29, 2010
15. Software [In]security: Cyber Warmongering and Influence Peddling
    Nov 24, 2010
16. Software [In]security: Technology Transfer
    Oct 26, 2010
17. Software [In]security: How to p0wn a Control System with Stuxnet
    Sep 23, 2010
18. Software [In]security: Software Security Crosses the Threshold
    Aug 16, 2010
19. Software [In]security: Obama Highlights Cyber Security Progress
    Jul 16, 2010
20. Software [In]security: Cyber War - Hype or Consequences?
    Jun 17, 2010
21. Software [In]security: BSIMM2
    May 12, 2010
22. Software [In]security: Assume Nothing
    Apr 30, 2010
23. Software [In]security: The Smart (Electric) Grid and Dumb Cybersecurity
    Mar 26, 2010
24. Software [In]security: What Works in Software Security
    Feb 26, 2010
25. Software [In]security: Cargo Cult Computer Security
    Jan 28, 2010
26. Software [In]security: You Really Need a Software Security Group
    Dec 21, 2009
27. Software [In]security: BSIMM Europe
    Nov 10, 2009
28. Software [In]security: Startup Lessons
    Oct 22, 2009
29. Software [In]security: BSIMM Begin
    Sep 24, 2009
30. Software [In]security: Attack Categories and History Prediction
    Aug 25, 2009
31. Software [In]security: Moving U.S. Cybersecurity Beyond Cyberplatitudes
    Jul 16, 2009
32. Software [In]security: Measuring Software Security
    Jun 18, 2009
33. Software [In]security: Twitter Security
    May 15, 2009
34. Software [In]security: Software Security Comes of Age
    Apr 16, 2009
35. Software [In]security: The Building Security In Maturity Model (BSIMM)
    Mar 16, 2009
36. Software [In]security: Nine Things Everybody Does: Software Security Activities from the BSIMM
    Feb 9, 2009
37. Software [In]security: Top 11 Reasons Why Top 10 (or Top 25) Lists Don’t Work
    Jan 13, 2009
38. Software [In]security: Software Security Top 10 Surprises
    Dec 15, 2008
39. Software [In]security: Web Applications and Software Security
    Nov 14, 2008
40. Software [In]security: A Software Security Framework: Working Towards a Realistic Maturity Model
    Oct 15, 2008
41. Software [In]security: Getting Past the Bug Parade
    Sep 17, 2008
42. Software [In]security: Software Security Demand Rising
    Aug 11, 2008
43. Software [In]security: Application Assessment as a Factory
    Jul 17, 2008
44. Software [In]security: DMCA Rent-a-cops Accept Fake IDs
    Jun 12, 2008
45. Why Is Security a Software Issue?
    Jun 2, 2008
46. Software [In]security: Securing Web 3.0
    May 15, 2008
47. Software [In]security: Paying for Secure Software
    Apr 7, 2008
48. Game Hacking 101
    Nov 21, 2007
49. The Role of Architectural Risk Analysis in Software Security
    Mar 3, 2006
50. Reverse Engineering and Program Understanding
    Dec 23, 2004
51. Security Expert Gary McGraw on Black Hats, the U.S. Government, and Good vs. Evil
    Jun 11, 2004
52. Introduction to Software Security
    Nov 2, 2001
53. Building Secure Software: Race Conditions
    Nov 2, 2001