CSC News

March 23, 2011

Security Expert Gary McGraw to Speak at NC State

World-renowned software security expert Gary McGraw will present two talks on Monday, March 28, 2011, on NC State University’s Centennial Campus. The talks are free and open to the public.

The first talk, Software Security and the Building Security In Maturity Model (BSIMM), will be presented in Engineering Building 1, Room 1007, from 10:40 to 11:30 a.m. (Directions)
Abstract: Using the framework described in his book “Software Security: Building Security In”, McGraw will discuss and describe the state of the practice in software security. This talk is peppered with real data from the field, based on his work with several large companies as a Cigital consultant. As a discipline, software security has made great progress over the last decade. Of the 60 large-scale software security initiatives we are aware of, 32 - all household names - are currently included in the BSIMM study. Those companies among the 32 who graciously agreed to be identified include: Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Google, Intel, Intuit, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware, and Wells Fargo. The BSIMM was created by observing and analyzing real-world data from 32 leading software security initiatives. The BSIMM can help you determine how your organization compares to other real-world software security initiatives and what steps can be taken to make your approach more effective.
McGraw’s second talk, Attack Trends 2011 – or – Why Software Security, will be presented in Engineering Building 2, Room 1231, at 5:20 p.m. (Directions)
Abstract: In some sense, software is the lifeblood of most modern complex systems. Software can fail, but worse yet, software can be intentionally made to fail by attackers. Instead of defending our systems by isolating them from the network (an impossible task), we must build security in from the beginning. Both social networking and mobile device security provide important security lessons that can inform a reasoned approach. Modern malicious code, including the Zeus Trojan, Stuxnet, and other persistent web threats, is as sophisticated as it is insidious. And future trends in attacks are even more alarming, leveraging rootkits, multi-core attacks, and hard-to-diagnose timing issues. Our sole recourse is software security. The good news is that we actually know what to do to build security in.
McGraw is the CTO of Cigital, Inc., a software security consulting firm with headquarters in the Washington, DC area and offices throughout the world. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and six other books; he is also editor of the Addison-Wesley Software Security series. Dr. McGraw has written over 100 peer-reviewed scientific publications, writes a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Dasient, Fortify Software (acquired by HP), Invincea, and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean’s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT).
For more information on McGraw, click here.
For more information on McGraw's upcoming college talks, click here.