Attack Trends or Why Software Security
Gary McGraw, Cigital
Friday, April 8, 4:30pm
Science Center, Room 199, Swarthmore College
In some sense, software is the lifeblood of most modern complex systems. Software can fail, but worse yet, software can be intentionally made to fail by attackers. Instead of defending our
systems by isolating them from the network (an impossible task), we must build security in from the beginning. Both social networking and mobile device security provide important security lessons that can inform a reasoned approach. Modern malicious code, including the Zeus Trojan, Stuxnet, and other persistent web threats, is as sophisticated as it is insidious. And future trends in attacks are even more alarming, leveraging rootkits, multi-core attacks, and hard-to-diagnose timing issues. Our sole recourse is software security. The good news is that we actually know what to do to build security in.
Gary McGraw is the CTO of Cigital, Inc., a software security consulting firm with headquarters in the Washington, D.C. area. He is a recognized authority on software security and the author of eight best selling books on this topic. His titles include Java Security, Building Secure Software, Exploiting Software, Software Security, and Exploiting Online Games; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software (acquired by HP), Invincea, and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean's Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT).