Friday, September 19 • 8:00am - 9:00am
Keynote: Gary McGraw - Bug Parades, Zombies, and the BSIMM: A Decade of Software Security

Only thirteen years ago, the idea of building security in was brand new. Back then, if system architects and developers thought about security at all, they usually concentrated on the liberal application of magic crypto fairy dust. We have come a long way since then. Perhaps no segment of the security industry has evolved more in the last decade than the discipline of software security. Several things happened in the early part of the decade that set in motion a major shift in the way people build software: the release of my book Building Secure Software, the publication of Bill Gates's Trustworthy Computing memo, the publication of Lipner and Howard's Writing Secure Code, and a wave of high-profile attacks such as Code Red and Nimda that forced Microsoft, and ultimately other large software companies, to get religion about software security. Now, ten years later, Microsoft has made great strides in software security and building security in, and they're publishing their ideas in the form of the SDL. Right about in the middle of the last ten years (five years in), we all collectively realized that the way to approach software security was to integrate security practices that I term the "Touchpoints" into the software development lifecycle. Now, at the end of a decade of great progress in software security, we have a way of measuring software security initiatives called the BSIMM <http://bsimm.com>. BSIMM is helping transform the field from an art into a measurable science. This talk provides an entertaining review of the software security journey from its "bug of the day" beginnings to the multimillion-dollar software security initiatives of today.

Gary McGraw

Chief Technology Officer, Cigital, Inc.
Gary McGraw is the CTO of Cigital, Inc., a software security consulting firm with headquarters in the Washington, D.C. area and offices throughout the world. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles...

Friday September 19, 2014 8:00am - 9:00am MDT
Colorado Ballroom [Assembled Conference] Denver Marriott City Center