Attack Trends 2011 -or- Why Software Security

Friday, October 28, 2011 - 10:34am


Wednesday, November 9, 2011
3:30 – 4:30 PM
Computer Science Conference Room, Harold Frank Hall Rm. 1132

HOST: Giovanni Vigna

SPEAKER: Gary McGraw, Ph.D.
CTO, Cigital

Title: Attack Trends 2011 -or- Why Software Security


In some sense, software is the lifeblood of most modern complex systems.
Software can fail, but worse yet, software can be intentionally made to
fail by attackers. Instead of defending our systems by isolating them
from the network (an impossible task), we must build security in from
the beginning. Both social networking and mobile device security provide
important security lessons that can inform a reasoned approach. Modern
malicious code, including the Zeus Trojan, Stuxnet, and other persistent
web threats, is as sophisticated as it is insidious. And future trends
in attacks are even more alarming, leveraging rootkits, multi-core
attacks, and hard-to-diagnose timing issues. Our sole recourse is
software security. The good news is that we actually know what to do to
build security in.


Gary McGraw is the CTO of Cigital, Inc., a software security consulting
firm with headquarters in the Washington, D.C. area and offices
throughout the world. He is a globally recognized authority on software
security and the author of eight best-selling books on this topic. His
titles include Software Security, Exploiting Software, Building Secure
Software, Java Security, Exploiting Online Games, and 6 other books; and
he is editor of the Addison-Wesley Software Security series. Dr. McGraw
has also written over 100 peer-reviewed scientific publications, authors
a monthly security column for informIT, and is frequently quoted in the
press. Besides serving as a strategic counselor for top business and IT
executives, Gary is on the Advisory Boards of Dasient, Fortify Software
(acquired by HP), Invincea, and Raven White. His dual PhD is in
Cognitive Science and Computer Science from Indiana University where he
serves on the Dean's Advisory Council for the School of Informatics.
Gary served on the IEEE Computer Society Board of Governors and produces
the monthly Silver Bullet Security Podcast for IEEE Security & Privacy
magazine (syndicated by informIT).