Gary McGraw

CTO, Citigal

Software Security
36 minutes, 16.8mb, recorded 2006-01-26
Gary McGraw

Security is a major concern in the IT industry, but most people think of securing the network rather than the software we all use every day. Gary McGraw argues that we need to move beyond the firewall and build security into software as it is being created in order to achieve a more secure environment.

Most security practitioners focus on the network, though most attackers aim their attacks at the code. In order to combat these attacks, it is the code that need to be strengthened. Dr. McGraw offers seven concrete ways that software engineers can make their code secure from the design stage through to implementation.


Gary McGraw, Cigital, Inc.'s CTO, researches software security and sets technical vision in the area of Software Quality Management. Dr. McGraw is co-author of five best selling books: Exploiting Software (Addison-Wesley, 2004), Building Secure Software (Addison-Wesley, 2001), Software Fault Injection (Wiley 1998), Securing Java (Wiley, 1999), and Java Security (Wiley, 1996). His new book Software Security: Building Security In (Addison-Wesley 2006) will be released in February 2006. A world authority on software and application security, Dr. McGraw consults with major software producers and consumers.

Dr. McGraw has written over seventy-five peer-reviewed technical publications and functions as principal investigator on grants from Air Force Research Labs, DARPA, National Science Foundation, and NIST's Advanced Technology Program. He serves on Advisory Boards of Authentica, Counterpane, and Fortify Software, as well as advising the CS Department at UC Davis, the CS Department at UVa, and the School of Informatics at Indiana University. Dr. McGraw holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from UVa. He is a member of the IEEE Security and Privacy Task Force, and was recently elected to the IEEE Computer Society Board of Governors. He writes a monthly security column for IT Architect magazine, is the editor of Building Security In for IEEE Security & Privacy magazine, and is often quoted in the press.

This free podcast is from our Frontline Security series.

For The Conversations Network:

  • Post-production audio engineer: Stuart Hunter
  • Website editor: Darusha Wehm