Opening Keynote - Dr. Gary McGraw
A Brief History of Software, Security, and Software Security: Bits, Bytes, Bugs, and the BSIMM
Software is a reasonably new human artifact that seems to grow more complex every year, even as our smartphones and the Internet of Things become easier and easier to use. These days, it's hard to live without software. At the same time that software has become the lifeblood of modern economies, very serious security concerns have emerged. So what happens when software and security intersect?
This talk will trace the history of software security from its inception 15 years ago to a multi-billion dollar industry that impacts us all daily. In the early days of software, if system architects and developers thought about security at all, they usually concentrated on the liberal application of magic crypto fairy dust. We have come a long way since then. Several things happened in the early part of the decade that set in motion a major shift in the way people build software: the release of my book Building Secure Software, the publication of Bill Gates's Trustworthy Computing memo, and a wave of high-profile attacks such as Code Red and Nimda that forced Microsoft, and ultimately other large software companies, to get religion about software security.
Ten years ago we all collectively realized that the way to approach software security was to integrate security practices that I term the “Touchpoints” into the software development lifecycle. Now, at the end of fifteen years of great progress in software security, we have a way of measuring software security initiatives called the BSIMM. BSIMM is helping transform the field from an art into a measurable science.
This talk provides an entertaining look at the software security journey from its "bug of the day" beginnings to the multi-million dollar software security initiatives charged with corralling and controlling DevOps, agile methodologies, and tomorrow's hyperfast development schedules.