Contact UsComputer Science Department
500 College Avenue
Swarthmore, PA 19081
Email: info at cs.swarthmore.edu
Copyright 2009 Swarthmore College. All rights reserved.
Talk by Gary McGraw of Cigital, Inc.Attack Trends or Why Software Security
Friday, Apr 8, 2011
4:30 pm, Sci Center 199
In some sense, software is the lifeblood of most modern complex systems. Software can fail, but worse yet, software can be intentionally made to fail by attackers. Instead of defending our systems by isolating them from the network (an impossible task), we must build security in from the beginning. Both social networking and mobile device security provide important security lessons that can inform a reasoned approach. Modern malicious code, including the Zeus Trojan, Stuxnet, and other persistent web threats, is as sophisticated as it is insidious. And future trends in attacks are even more alarming, leveraging rootkits, multi-core attacks, and hard-to-diagnose timing issues. Our sole recourse is software security. The good news is that we actually know what to do to build security in.
Gary McGraw is the CTO of Cigital, Inc., a software security consulting firm with headquarters in the Washington, D.C. area. He is a recognized authority on software security and the author of eight best selling books on this topic. His titles include Java Security, Building Secure Software, Exploiting Software, Software Security, and Exploiting Online Games; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software (acquired by HP), Invincea, and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean's Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT).
This talk is presented by the FLICS Program: Fantastic Lectures in Computer Science, jointly hosted by: Bryn Mawr College, Haverford College, Swarthmore College, and Villanova University.