Dr. Gary McGraw
Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C. area.
He is a globally recognized authority on software security and the author of six best-selling books on this topic. The latest, Exploiting Online Games: Cheating Massively Distributed Systems, was released in 2007. His other titles include Securing Java: Getting Down to Business with Mobile Code, Building Secure Software: How to Avoid Security Problems the Right Way, Exploiting Software: How to Break Code, and Software Security: Building Security In; and he is editor of the Addison-Wesley Software Security series.
Dr. McGraw has also written over 90 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press.
Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White.
His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean's Advisory Council for the School of Informatics. Gary is an IEEE Computer Society Board of Governors member and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine.
Software Security Testing in the Real World
The Trinity of Trouble---connectivity, complexity, and extensibility---directly increases the business risk associated with software. Managing software security risk requires understanding how attackers exploit technical vulnerabilities, and (more importantly) what impact those exploits will have on your business. World-class software security testing incorporates the attackers' perspective in a risk-based approach. If you are worried about the impact that mobile devices, SOA, Web 2.0, and Software as a Service will have on security, there are good places to look for answers. The world of online game security shows us what we can expect tomorrow and what we should be doing about it today. This talk reveals the future of security testing so you can prepare for the coming storm.