CodenomiCON Europe 2017


Opening Keynote - Dr. Gary McGraw

A Brief History of Software, Security, and Software Security: Bits, Bytes, Bugs, and the BSIMM

Software is a reasonably new human artifact that seems to grow more complex every year, even as our smart phones and the Internet of Things become easier and easier to use. These days, it’s hard to live without software. At the same time that software has become the lifeblood of modern economies, very serious security concerns have emerged. So what happens when software and security intersect?

This talk will trace the history of software security from its inception 15 years ago to a multi-billion dollar industry that impacts us all daily. In the early days of software, if system architects and developers thought about security at all, they usually concentrated on the liberal application of magic crypto fairy dust. We have come a long way since then. Several things happened in the early part of the decade that set in motion a major shift in the way people build software: the release of my book Building Secure Software, the publication of Bill Gates's Trustworthy Computing memo, and a wave of high-profile attacks such as Code Red and Nimda that forced Microsoft, and ultimately other large software companies, to get religion about software security.

Ten years ago we all collectively realized that the way to approach software security was to integrate security practices that I term the “Touchpoints” into the software development lifecycle. Now, at the end of fifteen years of great progress in software security, we have a way of measuring software security initiatives called the BSIMM. BSIMM is helping transform the field from an art into a measurable science.

This talk provides an entertaining look at the software security journey from its "bug of the day" beginnings to the multi-million dollar software security initiatives charged with corralling and controlling devops, agile methodologies, and tomorrow’s hyperfast development schedules.


Dr. Gary McGraw, Vice President of Security Technology, Synopsys Software Integrity Group
Dr. Gary McGraw is a globally recognized authority on software security and the author of eight bestselling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a periodic security column for SearchSecurity, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Dr. McGraw is on the Advisory Boards of Max Financial, NTrepid, and Ravenwhite. He has also served as Advisor to Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye). He holds a dual PhD in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean’s Advisory Council for the School of Informatics. Dr. McGraw served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy Magazine (syndicated by SearchSecurity).

