SecAppDev 2023 Faculty
Gary McGraw
CEO, Berryville Institute of Machine Learning
Gary McGraw is the author of the best-selling security books Software Security (Addison-Wesley, 2006), Exploiting Software (Addison-Wesley, 2004), Building Secure Software (Addison-Wesley, 2001), Java Security (Wiley, 1996) and seven other books. CEO and Founder of the Berryville Institute of Machine Learning, Dr. McGraw is a world authority in software and application security.
Security engineering for machine learning
Keynote lecture by Gary McGraw in room Lemaire
Monday June 12th, 09:15 - 10:30
How can the adoption of machine learning introduce systematic risk into our applications? This session discusses the results of applying architectural risk analysis to identify the top risks in engineering ML systems.
Key takeaway: The results of an architectural risk analysis (sometimes called a threat model) of ML systems, including the top five (of 78 known) ML security risks.
How to avoid the top ten software security flaws
Introductory lecture by Gary McGraw in room Lemaire
Tuesday June 13th, 11:00 - 12:30
Only 50% of software security defects are bugs. The other half are flaws in the design. This session builds on work from IEEE, Google, Twitter, Harvard, & others to present the top 10 security flaws along with guidelines to avoid them.
Key takeaway: A security top 10, but not as you know it. In this session, we explore the top 10 design flaws, along with guidelines on avoiding them in your applications.
42 things
Introductory lecture by Gary McGraw in room West Wing
Wednesday June 14th, 11:00 - 12:30
This session covers 42 things about appsec. SIX software security zombies. TEN software security flaws. SEVEN software security myths. SEVEN startup lessons. FOUR CISO tribes. SEVEN things I learned in 21 years. Oh, and ONE BONUS THING.
Key takeaway: A treasure trove of advice based on the experience of a pioneer in the field of software security, or "42 things" for short.