I am very pleased when people notice my work and talk about it. Part of my life as a technologist is to help cut through reams of security baloney and explain things as clearly as possible to normal people in everyday language.

Over the years, my work has been extensively covered in the popular press. I am most proud of a long interview in  The Wall Street Journal entitled How to Make Safer Software published Monday July 18, 2005 as well as several appearances on TV, including a segment on MSNBC February 24, 2013.

I welcome press contact and continue to interact with the press on a regular basis.

Gary McGraw discusses Cyber War during "Up with Chris Hayes" 2.24.13 on MSNBC

Press Archive

Here is a sample of some other press stories.
2/21/2024 Episode 256: Recursive Pollution? Data Feudalism? Gary McGraw On LLM Insecurity, Security Ledger Podcast, Episode 256, Paul Roberts
2/14/2024 Microsoft says US rivals are beginning to use generative AI in offensive cyber operations, Associated Press
2/6/2024 Decipher Podcast: Gary McGraw on AI Security, Decipher Security Podcast, Dennis Fisher
1/29/2024 NIST joins “proceed with caution” chorus on AI, Medium blog, Taylor Armerding
1/24/2024 For AI Risk, ‘The Real Answer Has to be Regulation, Decypher, Dennis Fisher
1/24/2024 Researchers Map AI Threat Landscape, Risks, darkreading (lemos)
1/24/2024 Machine Learning Think Tank Warns of Serious Risks With Large Language Models, EIN News Press Release, BIML
1/19/2024 First Step in Securing AI/ML Tools Is Locating Them, darkreading
11/27/2023 EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw, Google cloud security podcast, Episode 150
11/4/2023 White House AI Executive Order Puts Focus on Cybersecurity, Decipher (duo.com)
10/26/2023 IriusRisk Brings Threat Modeling to Machine Learning Systems, darkreading
8/18/2023 PKI Maturity Model Aims to Improve Crypto Infrastructure, darkreading (lemos)
8/13/2023 Don’t expect quick fixes in ‘red-teaming’ of AI models. Security was an afterthought, Associated Press
4/20/2023 Expert Insight: Dangers of Using Large Language Models Before They Are Baked, darkreading
2/3/2023 AI code assistants need security training, readme security (robert lemos)
1/23/2023 ChatGPT embraced by hackers, but some AI experts say it’s not botmageddon—yet, medium
1/11/2023 Better Phishing, Easy Malicious Implants: How AI Could Change Cyberattacks, darkreading
12/17/2022 Welcome, Font Robots, medium
2/15/2022 Machine Learning in 2022: Data Threats and Backdoors?, darkreading
2/2/2022 Expert Insights: Training the Data Elephant in the AI Room, darkreading
9/23/2021 IriusRisk expands its Technical Advisory Board with three new members, HelpNet Security
4/27/2021 Expect an Increase in Attacks on AI Systems, darkreading
4/27/2021 DtSR Episode 444 – TPA Gary is Awful at Retirement, Down the Security Rabbit Hole Podcast
3/30/2021 Gary McGraw on Building Secure AI Systems and His 20-Year Battle to Improve Software Security, MissionNorth
3/30/2021 In Clarke County, a small research group is working to make technology more secure, Winchester Star
3/29/2021 In wake of giant software hacks, application security tactics due for an overhaul, SC Magazine
3/26/2021 SolarWinds CEO gives chief security officer authority and air cover to make software security a priority, TechRepublic
3/26/2021 In Wake of Solarwinds Breach, the Challenge of Building Secure Software Remains, decipher
3/25/2021 Cocktails and Architecture (webinar), Irius Risk
1/29/2021 Berryville Institute of Machine Learning (BIML) Gets $150,000 Open Philanthropy Grant, darkreading
1/26/2021 Dr Gary McGraw Appointed to IriusRisk Threat Modeling Technical Advisory Board, Infosecurity Magazine
9/25/2020 Letter: Scare tactics have nothing to do with car repair, Boston Herald, September 25, 2020
6/12/2020 Cyberthreats in 2025 (a roundtable discussion), IEEE Computer 53(6), June 2020
4/13/2020 Next Front for Computer Security: Machine Learning, IEEE Innovation Spotlight
4/9/2020 15. How to secure AI against bad actors, We Wonder Podcast
3/31/2020 Episode 180: Gary McGraw on Machine Learning Security Risks, Security Ledger Podcast
3/11/2020 Security Guru Gary McGraw on What’s Needed To Secure Machine Learning Apps, Pure AI
2/21/2020 Want to improve quality and security of machine learning? Design it better, Medium
2/14/2020 BIML Releases First Risk Framework for Securing Machine Learning Systems, Cyberwire
2/13/2020 Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems, darkreading
1/25/2020 Tech expert: Don’t overlook security in rush to adopt AI, Winchester Star
1/23/2020 Expert: Don’t overlook security in rush to adopt AI, Northern Virginia Daily
1/22/2020 Security of machine learning topic of LFCC’s next Tech Bytes, Winchester Star
1/20/2020 LFCC talk to focus on technology, Fauquier Times
1/20/2020 Security of machine learning topic of next Tech Bytes, Northern Virginia Daily
7/17/2019 FTC’s “Nixing the Fix” Workshop hears concerns raised by Right to Repair advocates, Medium
7/16/2019 FTC’s Nix the Fix workshop video (see 1:39 for remarks), US Federal Trace Commission
4/30/2019 Introducing Securepairs.org: A Group of Security Professionals Who Support Right to Repair, IFixITOrg
3/22/2019 A conversation with software security pioneer Gary McGraw, Security Voices
1/17/2019 Local Habitat for Humanity chapter sees growth, Winchester Star
12/11/2018 Security 2019 Predictions (Part 6), DZone
12/9/2018 120 AI Predictions For 2019, Forbes
11/12/2018 What Can Retail Software Security Initiatives Gain from the BSIMM?, ITQuick
11/7/2018 Lessons from BSIMM 9: How cloud affects software security, TechBeacon
11/6/2018 SSD encryption security failures revealed by researchers, SC UK
10/27/2018 How To Prevent Your Business Becoming Collateral Damage Of Geopolitical Cyber Conflict, Forbes
10/19/2018 BSIMM9: A Decade of Software Security Science, Dzone
10/18/2018 Collective Intelligence Podcast, Gary McGraw on BSIMM9 and Supply Chain Security, Collective Intelligence Podcast
10/17/2018 Data science is changing how cybersecurity teams hunt threats, siliconrepublic
10/16/2018 BSIMM9 Study Highlights Impact of Cloud Transformation and Growth of Software Security Community, IT Security Guru
10/10/2018 Russian Cyber Attacks: Is the West Vulnerable?, Defence iQ
10/10/2018 Podcast: Key Takeaways For DevOps in BSIMM9, ThreatPost
10/9/2018 Cybersecurity: Not Just “A” Job – Many Jobs Of The Future, Forbes
10/9/2018 Google+ Privacy Snafu Leaves a Cloud Over the Tech Landscape, ThreatPost
10/3/2018 BSIMM9: Not a how-to but a roadmap to a better SSI, Security Boulevard
10/3/2018 Cloud, Containers, Orchestration Big Factors in BSIMM9, ThreatPost
10/3/2018 Latest Building Security In Maturity Model reflects software security initiatives of 120 firms, HelpNetSecurity
10/2/2018 Synopsys study highlights growth of software security community, Intelligent CISO
10/2/2018 Episode 114: Complexity at Root of Facebook Breach and LoJax is a RAT You Can’t Kill, Security Ledger
10/2/2018 Building Security in Maturity Model Expands for Cloud Era, eWeek
10/2/2018 Software Security Best Practices Are Changing, Finds New Report, ECT News Network
10/1/2018 Industry experts comment on Facebook security breach, intelligent CISO
9/29/2018 2.2 billion Facebook users must log out, re-login across devices: Experts, Times Now News.com
9/29/2018 Industry Leaders Reaction on Recent Facebook Hack, Information Security Buzz
9/29/2018 2.2 bn Facebook users must log out, re-login across devices: Experts, The Asian Independent
9/28/2018 Things get ‘seriously’ insecure yet again for Facebook, Security Boulevard
9/28/2018 Massive Facebook Breach Affects 90 Million Accounts, the Security Ledger
9/28/2018 Facebook Data Breach Impacts Almost 50 Million Accounts, ThreatPost
9/28/2018 ZUCKED UP Facebook hack LATEST – attackers got complete access to 50MILLION accounts’ profiles, posts, photos and messages in security breach, The Sun
9/28/2018 U.S. Vows To Go On Cyber Offense, Forbes
9/19/2018 US State Department Suffers Email System Breach, Silicon
9/19/2018 State Department Email Breach Hit Hundreds of Staff, InfoSecurity
9/18/2018 State Department confirms Data Breach, BW CIO World
8/20/2018 6 common habits that put you at risk for identity theft, NBC News
8/17/2018 Oracle Open-Sources GraphPipe to Support ML Development, ECT News Network
7/12/2018 Ghostbusters 2: how to deal with Spectre, the sequel, SC media UK
6/28/2018 Exactis Leaks Personal Information Database with 340 million Records, FIRE news
6/28/2018 Exactis Leaks Personal Information Database with 340 million Records, Businessworld CIO world
6/22/2018 No more selling mobile location data, promise carriers, TechTarget
6/1/2018 Federal cybersecurity report says nearly 75% of agencies at risk, TechTarget
5/22/2018 The four types of chief information security officers, livemint
5/8/2018 Shopper or shoplifter: Origins of the browser part 1, ITProPortal
5/8/2018 Build security into software up front: Believe it or not, it’s cheaper and faster, helpnetsecurity
4/10/2018 Cyber Expert Defines CISO ‘Tribes,’ Talks Software Life Cycle, Cyber Security Hub
4/10/2018 Task Force 7 Radio, episode 27 (starts 18:30), TF7Radio
3/21/2018 The State of SecOps 2018: Your security team matters most, Techbeacon
2/28/2018 The State of Application Penetration Testing, darkreading
2/8/2018 AutoSploit: Making Massive Cyber Attacks Too Easy?, eSecurityPlanet
2/1/2018 Software security measuring stick takes off, but is it all that?, TechBeacon
1/30/2018 Collective Intelligence Podcast, Episode 1 Gary McGraw, Collective Intelligence Podcast
1/17/2018 Two-year study explores the roles of information security leaders and how they are affected by organizational dynamics, Electronics Media
1/12/2018 The Week In Review: Design, Semiconductor Engineering
1/17/2018 Which CISO ‘Tribe’ Do You Belong To?, Dark Reading
12/22/2017 Predictions A – Z for 2018 – Dystopian or Utopian dawn?, SC Media UK
12/21/2017 Looking ahead in 2018 – Software integrity, automation and skills upgrading, FintechAsia
11/13/2017 With eroding perimeters, will software defend against cyber threats?, Medium
11/1/2017 US government wants “keys under doormat” approach to encryption, Naked Security
10/31/2017 Leukemia Cup: Celebrating 25 years of service, Scuttlebutt Sailing News
10/18/2017 SingCERT issues recommendations to enhance security of Wi-Fi systems in Singapore, Connected to India
10/18/2017 SingCERT recommends steps to secure Wi-Fi networks, International Business Times
10/18/2017 All Wi-Fi at Risk from Krack Attack, BW CI World
10/17/2017 Major Wi-Fi security flaw affects billions worldwide, including almost every Internet user in Singapore, The Business Times (Singapore)
10/17/2017 Hacks, Electronics Weekly
10/17/2017 WPA2 weakness means that every modern Wi-Fi network may be subject to attack, Continuity Central
10/17/2017 How to protect your Wi-Fi network from a Krack attack, Computer Weekly
10/17/2017 Major Wi-Fi security flaws affect billions worldwide, including almost every Internet user in Singapore, The Straits Times (Singapore)
10/5/2017 Russian Hackers Pilfered Data from NSA Contractor’s Home Computer: Report, Darkreading
10/5/2017 Fighting the cyber war in the digital age, What Investment
9/29/2017 Fighting the cyber war in the digital age, Information Age
9/21/2017 Benchmarking Critical Exercise in Early Stages of Software Security: BSIMM8, darkreading
9/21/2017 Software Security Maturity Ticks Upward in 2017, InfoSecurity Group
9/21/2017 New security data from Synopsys, cloud trends from DigitalOcean and a new APM tool from ZeroTurnaround — SD Times News Digest: September 21, 2017, SD Times
9/21/2017 BSIMM8 Study Reinforces Benchmarking as a Critical Exercise in Early Stages of Software Security Initiatives, Business Insider
9/21/2017 Never too early: Synopsys’ BSIMM8 study champions benchmarking in the early stages of Software Security Initiatives, IT Security Guru
9/12/2017 The three big questions Equifax hasn’t answered, Craig Timberg in the Washington Post
9/8/2017 Equifax data breach affects up to 143 million US consumers, Information Age
9/8/2017 Web App vulnerability enables Equifax breach affecting up to 143m in US, SC Media
9/8/2017 143 million could be affected by Equifax database hack, Mortgage Finance Gazette
8/7/2017 Congress looks to take the wheel on autonomous vehicles, Naked Security by Sophos
4/25/2017 APPSEC CA 2017 INTERVIEW – Gary McGraw, OWASP video
4/21/2017 Episode 44: Gary McGraw Knows Software Security, The Impact Podcast | Tech Trends for Entrepreneurs
4/3/2017 Free learning resources and tools for security savvy developers, SDTimes
3/21/2017 Q&A: Technology Expert AND UVa Grad Gary McGraw Talks Cybersecurity, UVA Today
3/1/2017 On the Wire Podcast: Gary McGraw, Heard On The Wire Podcast with Dennis Fisher
2/17/2017 What hackers can learn from Frank Zappa and T.C. Boyle, The Parralax
2/13/2017 GARY MCGRAW: SECURITY IS HARD WORK, Cyber Security Interviews podcast episode 13
2/12/2017 ITSPmagazine chats with Gary McGraw, Cigital CTO during AppSec California, ITSP Magazine, video
10/12/2016 Gary MCGraw on BSIMM7 and Secure Software Development, ThreatPost Podcast
10/11/2016 BSIMM7: Older then, younger now, CSOonline
10/6/2016 Taking down the internet: possible but how probable?, CSOonline
10/4/2016 BSIMM Shows Secure Software Development Making Inroads, darkreading
10/4/2016 Cigital’s BSIMM7 finds new industries taking on security challenges, SDTimes
07/13/2016 OCR’s HIPAA guidance on ransomware puts pressure on providers, Health Data Management
07/12/2016 Killing the password: FIDO says long journey will be worth it, CSO
05/24/2016 McGraw, Lohrmann, Stiennon Talk About How Washington Needs To Focus On Building Better Cyber Defenses, M2 TechCast
04/18/2016 Hack the Pentagon: Better if DoD made its systems secure in the first place, RT
04/11/2016 Some skeptical of Defense Department’s Hack the Pentagon pilot, San Francisco Chronicle
04/05/2016 5 Ways Cyber Experts Think the FBI Might Have Hacked the San Bernardino iPhone, IEEE Spectrum.
03/12/2016 Who Are the Bad Guys and What Do They Want?, O’Reilly.
03/02/2016 SSL ‘DROWNs’ In Yet Another Serious Security Flaw, darkreading.
02/09/2016 Medical Device, Health Care Security Continues to Ail, threatpost.
02/09/2016 Perspectives on the State of Software Security with Dr. Gary McGraw, IEEE Cyber Security.
02/03/2016 CERT Podcast Interview: Building Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations, CERT.
01/05/2016 Microsoft’s New Security Approach, Redmond Magazine.
01/05/2016 The worst languages for app security bugs (and how to fix them), TechBeacon.
12/24/2015 Juniper firewall backdoors add fuel to encryption debate, Tech Target.
12/23/2015 Listen up, FBI: Juniper code shows the problem with backdoors, InfoWorld.
12/31/2015 2015: Security remains a stepchild, SD Times.
12/28/2015 Facing the future of software testing one change at a time, Tech Target.
12/13/2015 The Price of the Wearable Craze: Less Data Security, NBC News.
12/08/2015 Auto Cash Management newsletter.
11/24/2015 BSIMM’s Data-driven Approach to Software Security, eSecurity Planet.
11/23/2015 SAFECode Releases Framework For Assessing Security of Software, DarkReading.
11/16/2015 Ted Koppel: Apocalypse likely, CSO.
11/10/2015  Adobe Flash Bug Discovery Leads To New Attack Mitigation Method, Dark Reading.
11/09/2015  Healthcare In Last Place According To Security Maturity Model, BusinessSolutions.
10/31/2015  Podcast Tough and Tougher: IoT Security and Privacy, Iot-Inc.
10/28/2015 Podcast Gary McGraw on BSIMM6 and Software Security, Threatpost.
10/22/2015  Healthcare organisations fall short on software security, Techcentral.
10/21/2015  Health care orgs fall short on software security, MIS-Asia.
10/21/2015 Security information sharing gets even bigger with BSIMM6, MIS-Asia.
10/21/2015  Healthcare has ‘plenty to learn from other industries’ about software security, CMIO.
10/20/2015 Healthcare Security Benchmarked for First Time, Health Data Management.
10/20/2015 Measuring Secure Software Maturity, Forbes.
10/20/2015 Health care orgs fall short on software security, InfoWorld.
10/19/2015 Security Capability Engineering, 1 Raindrop.
10/19/2015  New study shows healthcare lagging behind in software security, Health Management Technology.
10/19/2015  No more guessing how your appSec ranks against your peers, Linkedin.
10/19/2015  HIPAA Not Helping’: Healthcare’s Software Security Lagging, Darkreading.
10/19/2015  Latest BSIMM Data Puts Health Care Back of the Pack, Threatpost.
10/19/2015 Cigital’s BSIMM6 finds software security lagging in industry, SD Times.
10/2/2015  EMV sets the stage for a better payment future, Network World.
10/2/2015  EMV sets the stage for a better payment future, InfoWorld.
9/22/2015  Free Tool Helps Companies Measure And Map Their Bug Reporting Programs, Dark Reading.
9/14/2015  We can still ‘Nail’ security in the IoT, Computer World.
9/11/2015  Podcast Gary McGraw on Scalable Software Security and Medical Device Security, Threatpost.
6/22/2015  Net of Insecurity: A disaster foretold and ignored, The Washington Post.
5/22/2015  Is security really stuck in the Dark Ages?, CSO Online.
5/21/2015  Podcast RSA 2015 -Gary McGraw Part 3: Internet of Things, Tech Target
5/21/2015  Podcast RSA 2015 – Gary McGraw Part 2: Cover your Portfolio (3D), Tech Target.
5/21/2015  Podcast RSA 2015 – Gary McGraw Part 1: IEEE CSD, Tech Target.
4/10/2015  Calls to make software designers liable for security weakness, Financial Times.
4/8/2015  Implantable Devices: Medical Devices Open to Cyber Threats, Risk & Insurance.
4/1/2015  Zone of protection: Hacker havens, SC Magazine.
3/30/2015  Meet the Bitter Liberals, Style Weekly.
2/24/2015  If you could go back in time…, CSO Online.
2/23/2015  RASP helps apps protect themselves, but is it ready for the enterprise?, Search CIO.
2/12/2015  Report: Microsoft packing more patches into fewer bulletins, CSO Online.
2/10/2015  Tracing cyber attacks: More than a game of Clue, IT World Canada.
2/9/2015  Whodunit? In cybercrime, attribution is not easy, CSO Online.
2/2/2015  Podcast 28: Securing our Web Applications, The Web Platform Podcast.
2/1/2015 Software Security – A Study in Technology Transfer, InfoQ.
1/12/2015  2015 Enterprise Dev Predictions, Part 2: Convergence, Security, Automation and Analytics, ADT
12/3/2014 Don’t Expect A Physical Threat From Iranian Cyberwarriors Anytime Soon, Nextgov.
11/11/2014 Does your system design eliminate the top 10 software security flaws?, Search Security.
9/19/2014 PodcastOWASP AppSecUSA 2014 – Keynote: Gary McGraw – BSIMM: A Decade of Software Security
9/4/2014 PodcastThe Myth Of The Private Naked Selfie, NPR.
9/3/2014 PodcastGary McGraw on the IEEE Center for Secure Design, Threatpost.
9/2/2014 IEEE: Top Ten Software Security Design Flaws, Dr. Dobb’s.
9/2/2014 Bugs Are Bad, But So Are Flaws: IEEE Sponsors Center for Secure Design, ADT Mag.
8/29/2014 IEEE Computer Society shares top security design flaws, SC Magazine.
8/29/2014 Focus is on software security design flaws, Information Security Soultions. RIP
8/29/2014 Focus is on software security design flaws, Datacentre Solutions. RIP
8/28/2014 The IEEE Center for Secure Design Reveals Top Ten Most Significant Software Security Design Flaws, Information Security Buzz.
8/28/2014 IEEE Guides Software Architects Toward Secure Software Design, Threatpost.
8/28/2014 IEEE reveals Top 10 software security design flaws (and how to avoid them), SD Times.
8/27/2014 IEEE Report Reveals Top 10 Software Security Design Flaws, Security Week.
8/27/2014 The top 10 security software design flaws and how to avoid them, Betanews.
8/27/2014 Google, Twitter and HP take the fight to the world’s top security flaws, ITProPortal.
8/27/2014 Google, Twitter, Intel and Others Form IEEE’s Software Design Center, InfoSecurity Magazine.
8/27/2014 Developers, Academia Team Up on Manual for Secure Software Design, eWeek.
8/27/2014 10 Common Software Security Design Flaws, Dark Reading.
8/27/2014 10 most significant software security design flaws, Help Net Security.
8/27/2014 Security experts identify top 10 software design flaws, ComputerWeekly.
8/27/2014 IEEE Center for Secure Design wants tech industry to stop ‘doing dumb stuff’, TechWorld.
8/13/2014 Yes, medical device security is lousy – so what?, NetworkWorld.
8/13/2014 Yes, medical device security is lousy – so what?, CSO.
8/7/2014 CSG Invotas Names Gary McGraw to Advisory Board, MarketWatch.
8/2/2014 What’s Bugging Cigital on Security Analysis of Medical Devices, Archimedes Research Center for Medical Device Security.
7/29/2014 New Cybersecurity Primer by the Center for a New American Security, Just Security.
7/29/2014 Security is Front and Center for Developers, SD Times.
7/24/2014 Some Things Should be Banned from the Internet of Things, Nextgov.
7/22/2014 Evaluate Aspiring Cyberwarriors Using Gaming, Not Grades, Nextgov.
7/21/2014 Living with Cyber Insecurity: Reducing the National Security Risks of America’s Cyber Dependencies, Lawfare.
6/10/2014 Security Survey Reflects Awareness, but Little Action on New Threats, The Wall Street Journal – CIO Journal.
5/28/2014 Report: Health-Care Sector Ranks Below Retail in Cybersecurity, The Wall Street Journal – CIO Journal.
5/7/2014 BSIMM and Building Software More Securely, BBC Radio. RIP
5/6/2014 Open Source: Thin Line Between Collaboration, ‘Chaos’, The Wall Street Journal – CIO Journal.
5/6/2014 The Morning Download: Patching Open Source Software Involves ‘Chaos’, The Wall Street Journal – CIO Journal.
4/11/2014 Here are the options with Heartbleed-flawed networking gear (Hint: there aren’t many), CSO.
4/08/2014 Microsoft XP’s massive cybersecurity problem, Politico.
3/21/2014 PodcastEpisode 366: Interview with Gary McGraw, Security Weekly TV.
3/15/2014 PodcastBug Parades, Zombies, and the BSIMM: A Decade of Software Security, Keynote Presentation at Booster Con.
3/13/2014 Google Glass: Evil by design? En kort reflektion fran Booster, inuseful.
3/11/2014 Bad Ads Outstrip Porn as Mobile Phone Infection Vectors, TechNewsWorld.
3/07/2014 Descending Into the Maelstrom – Notes on RSA Conference 2014, Carnegie Mellon CyBlog.
2/22/2014 PodcastTime for Enterprise IT to declare defeat in the Security war?, HP Discover Performance Weekly.
2/20/2014 Microsoft Goes Live with Office 365 Message Encryption, Redmond Magazine.
2/07/2014 PodcastCyber War, Cyber Peace, Stones, and Glass Houses, James Madison University Distinguished Lecture.
1/23/2014 Why smart users are the key to secure online banking, CSO.
1/14/2014 The RSA Conference boycott is nonsense, Computerworld.
1/09/2014 After Snowden, Computerworld.
12/09/2013 DevOps and Application Security: People You Need to Know, Trusted Software Alliance.
11/13/2013 Healthcare.gov will eventually be functional, but how secure?, CSO.
11/05/2013 Long live perimeter security, CSO.
11/04/2013 5 Obamacare Website Failures That Could Have Been Avoided, CRN.
11/01/2013 PodcastGary McGraw on BSIMM-V and Software Security, Threatpost.
11/01/2013 Cigital boosts latest BSIMM software security tool with expanded list of firms, Techworld.
11/01/2013 BSIMM-V: Software Security is Becoming Mainstream, EMC Product Security Blog.
10/30/2013 BSIMM Advancing Software Security, eSecurity Planet.
10/30/2013 Building Security In Maturity Model: Version 5 Released, Infosecurity Magazine.
10/30/2013 Software Security Maturity Plods Along, Dark Reading.
10/30/2013 BSIMM-V Examines Software Security Practices of 270,000 Developers, SecurityWeek.
10/10/2013 PodcastGary McGraw featured on The Price of Business, The Price of Business with Kevin Price.
10/01/2013 Dulles’ Cigital Gets $50 Million Payday to Buy Off Early Investors, Expand, InTheCapital.
10/01/2013 Preview of ‘Why Is Software Still So Bad?’ Event in Atlanta, Results Matter Radio.
10/01/2013 Cigital Making A Move To Atlanta, AJC Tech Biz.
10/01/2013 Cigital Secures $50M Investment from LLR Partners, Cigital.com.
10/01/2013 Shattered Trust: IT Survey Shows PRISM Allegations Have Brought Cloud Misgivings, Redmond Magazine.
09/28/2013 PodcastInternational Tech Company Bullish on Bloomington, Inside INdiana Business Television.
09/17/2013 PodcastHP Protect 2013 Keynote: “Bug Parades, Zombies, and the BSIMM: A decade of software security”, HP Protect 2013.
09/17/2013 PodcastHP Protect 2013 keynote interview with Dr. Gary McGraw, HP Protect 2013.
09/15/2013 Is cyberwar really war?, The Boston Globe.
08/28/2013 PodcastGary McGraw – Security and the Complexity of Today’s Software, Trusted Software Security Alliance – 50 in 50 Interview Series.
08/23/2013 How to close the IT security skills gap, HP – Discover Performance. RIP
08/06/2013 PodcastThe Inside Story with Gary McGraw, IEEE Computer Society.
07/23/2013 Senators pushing business-backed cybersecurity bill, The Washington Times.
07/23/2013 Kelly Services CIO Emphasizes Cybersecurity, Wall Street Journal CIO Report.
07/14/2013 PodcastBSIMM, Embedded Controls, and More with Gary McGraw, Tech Talk With Craig Peterson. RIP
07/04/2013 Hacking competitions seek cybersecurity superstars, BBC News.
06/17/2013 Why we can’t stop malicious insiders, CSO.
06/17/2013 NSA data collection programs demand discussion, scrutiny, SearchSecurity.
06/07/2013 Indiana University Alumni Spotlight: Dr. Gary McGraw, Indiana University Cognitive Science News.
04/25/2013 Indiana University School of Informatics Career Achievement Award: Gary E. McGraw
04/22/2013 Chinese Hackers, ‘Active Defense’ and Other Bad Ideas, Information Security.
04/15/2013 PodcastHow I Got Here: Gary McGraw, Threatpost.
04/11/2013 PodcastUse VBSIMM software security model when buying software, SearchSecurity.
04/08/2013 PodcastMobile app security issues demand trustworthy computing, SearchSecurity.
03/21/2013 Flaw Leaves EA Origin Platform Users Open to Attack, Threatpost.
03/19/2013 PodcastAmerica’s cyber war weak spot, Reuters.
03/12/2013 PodcastGary McGraw on evolution of BSIMM maturity framework, SearchSecurity.
03/08/2013 PodcastZombies and the BSIMM: A Decade of Software Security, RSA Conference 2013.
03/08/2013 PodcastMobile app security issues demand trustworthy computing, SearchSecurity.
03/07/2013 Managing Security Risk, the CSO Panel at RSA, Computing Now – IEEE Computer Society.
03/05/2013 CISO Panel: Speaking Klingon to Captain Kirk, Application Development Trends.
03/05/2013 Despite Latest Threats, Microsoft’s Cyber Czar Optimistic About IT Security, Redmond.
02/22/2013 Everyone knew what China was doing — now what?, InfoWorld.
02/19/2013 Chinese Army link to hack no reason for cyberwar, CSO.
02/06/2013 2013 Challenges for Developers, Part III: Future Challenges, Application Development Trends.
01/29/2013 Pentagon hiring binge won’t guarantee more security, CSO.
01/22/2013 Deb Shinder’s Blog: Thirteen principles to ensure enterprise system security, WindowSecurity.com. RIP
01/10/2013 While the cyber war tail wags the national security dog, software security offers a different path to cyber peace, CSO.
12/21/2012 Will BSIMM 4 Improve Software Security?, InternetNews.com.
12/20/2012 Software Security: BSIMM’s Holistic Approach, eSecurityPlanet.
12/20/2012 BSIMM’s gift: The 12 security days of Christmas, CSO.
12/20/2012 BSIMM’s gift: The 12 security days of Christmas, PC Advisor.
12/18/2012 HP sheds light on enterprise giants’ security know-how, V3.co.uk.
12/14/2012 Smart TV hack highlights risk of ‘The Internet of Everything’, CSO.
12/11/2012 The cyberwar doctrine debate: Meaningful without international sign on?, Network World.
12/03/2012 Gary McGraw gives industry overview during Dean’s Lecuture Series, RIT College of Computing and Information Sciences blog. RIP
11/29/2012 Software security expert visits local school, Democrat and ChonicleRIP
11/15/2012 Fidelity Invests In Secure Software Development, Dark Reading.
11/13/2012 PodcastGary McGraw on Cyberwar and the Folly of Hoarding Cyber-Rocks, Threatpost.
11/13/2012 Cyber War, Peace, Tomorrow, Kings of War Blog.
11/08/2012 Gary McGraw on National Cybersecurity, Schneier on Security Blog.
11/08/2012 PodcastGary McGraw on proactive defense, offensive security, IT Knowledge Exchange.
11/07/2012 Security experts push back at ‘Cyber Pearl Harbor’ warning, CSO Online.
11/01/2012 Around the Web: Proactive defense prudent alternative to cyberwarfare, InformationWeek.
10/19/2012 Kaspersky’s Exploit-Proof OS Leaves Security Experts Skeptical, Slashdot.
10/18/2012 Kaspersky’s exploit-proof OS leaves security experts skeptical, CSO Online.
09/26/2012 Bank Cyberattacks Underscore Need for Security Processes, Wall Street Journal: CIO Journal.
09/26/2012 PodcastGary McGraw on the BSIMM4 and How to Avoid Being the Slowest Zebra, threatpost.
09/25/2012 Desktop security software gets proactive with application sandboxing, Search Enterprise Desktop.
09/25/2012 BSIMM4 Released; If You Are Not Part of the Solution, Well Then…, CyBlog.
09/21/2012 Launching An IAM Project: Where To Start, Dark Reading.
09/19/2012 Bromium secures computers by holding apps in isolation, cnet.
09/18/2012 New BSIMM Provides Measuring Stick for Secure Application Development Programs, SecurityWeek.
09/18/2012 BSIMM4 Release Expands Software Security Measurement Tool And Describes New Activities, Dark Reading.
09/18/2012 BSIMM4 Release Expands Software Security Measurement Tool and Describes New Activities, Minded Security Blog.
09/18/2012 The BSIMM Nouveau Has Arrived, EMC^2 Product Security Blog.
09/18/2012 BSIMM4 gets bigger, better, CSO Online.
09/18/2012 BSIMM4 launches today, CSO Online.
08/31/2012 Oft-cited cybercrime cost estimates hosed down, CSO Online.
07/25/2012 London Olympics officials prepare for cyber attacks, Los Angeles Times.
07/09/2012 Black hat vs white hat – the fight for the London 2012 Olympics, Computer World UK.
06/19/2012 Cloud computing pros and cons for security, SearchCloudSecurity.
06/07/2012 The Morning Download: How Government Apps Could Kill Your Business, CIO Journal (WSJ)
06/07/2012 The End of the Password as We Know It, The Atlantic Wire.
06/06/2012 LinkedIn Password Breach Illustrates Endemic Security Issue, CIO Journal (WSJ).
05/31/2012 Flame Puts Heat on Corporate IT Security, The Wall Street Journal.
05/31/2012 U.S. companies, government not likely burned by Flame, CSO.
05/30/2012 The Morning Download: Flame Raises Cloud Security Issues, The Wall Street Journal.
05/30/2012 Podcast‘Flame’ malware burns through cyberspace, Marketplace (NPR).
05/29/2012 CIOs Should See Flame as a Call to Arms, CIO Journal (WSJ).
05/15/2012 Public vs. private cyberattack responsibility debate heats up, CSO Australia.
05/09/2012 What’s in a name? Azure branding confusion and the meaning of ‘badware’, TechTarget.
05/03/2012 Could ‘bullet time’ stop a cyberattack?, Network World.
05/01/2012 The “Oceans 11” of Cyber Strikes, Brookings.
04/27/2012 Anonymous Hacker Anonw0rmer: Unmasked By Embedded Data, Not Girlfriend’s Breasts, International Business Times.
04/27/2012 McGraw wants cyber security shift, The Dartmouth.
04/26/2012 Embedded data, not breasts, brought down hacker, ComputerWorld.
04/25/2012 Will Obama preside over the coming of Big Brother?, ComputerWorld.
04/15/2012 Will we trade freedom for application security?, Network World.
03/23/12 Attacks in Android’s side-view mirror are smaller than they appear, CSO.
03/03/12 Why the security industry never actually makes us secure, CNET.
02/28/12 Government and Private Industry Experts to Speak on Innovation and Technology Transfer at IEEE Security & Privacy Magazine Panel at RSA 2012, PRWeb.
02/15/12 Romanian police arrest alleged hacker in Pentagon, NASA breaches, CSO.
02/14/12 13 security myths you’ll hear — but should you believe?, Network World.
01/26/12 Software [In]security: vBSIMM Take Two (BSIMM for Vendors Revised), informIT.
01/19/12 Pentagon-funded games would crowdsource weapons testing, Nextgov.
01/12/12 Microsoft security–you’ve come a long way, baby, Cnet.
01/10/12 White House Launches Electric Industry Security Maturity Model Program, threatpost.
12/26/11 Software [In]security: BSIMM versus SAFECode and Other Kaiju Cinema, informIT.
12/21/11 Will Kim Jong Un be for cyberwarfare what his dad was for nukes?, CSO.
11/30/11 Software [In]security: Third-Party Software and Security, InformIT.
11/27/11 In 2012, a mobile security minefield, CSO Online.
10/31/11 Software [In]security: Software Security Training , InformIT.
10/26/11 Web application risks exacerbated by social media ties, says ISACA, SearchSecurity.com.
10/07/11 Security Upgrades Needed With Growing Cyberwar Threats, PCWorld.
10/04/11 Developing IT risk management decision-making criteria an ongoing challenge, SearchSecurity.com.
09/30/11 SAFECode and the BSIMM: Two Paths to a Common Goal, SAFECode blog.
09/30/11 BSIMM3 Continues To Add Real-World Data to Security Maturity Model , Application Development Trends.
09/29/11 New BSIMM3 Guide Provides New Data On Secure Software Development, OnlySoftwareBlog.
09/29/11 New BSIMM3 Guide Provides New Data On Secure Software Development, DarkReading.
09/28/11 Multi-year study of real-world software security initiatives, Help Net Security.
09/28/11 Podcast Gary McGraw on the BSIMM3 Data Release, Threatpost.
09/27/11 BSIMM3 launches today, CSO Online.
09/27/11 BSIMM3 Released: “An Excellent Tool for Devising a Software Security Strategy” , CyBlog.
09/27/11 Software [In]security: BSIMM3, InformIT.
09/27/11 BSIMM3 Release Doubles Software Security Measurement Data and Includes Measurements Over Time, Global Security Mag.
09/27/11 A Secure Software Development Lifecycle Model Matures, DeviceLine Blog.
09/27/11 A Secure Software Model Matures, Forbes.com.
09/27/11 Cigital BSIMM 3 study provides software security metrics data, SearchSecurity.com.
09/13/11 The Past, Present and Future of Software Security, Threatpost.
09/13/11 The Rise of Software Security, Slashdot.
08/03/11 New Microsoft BlueHat Prize offers $250,000 for security innovation, SearchSecurity.com.
08/02/11 Report on ‘Operation Shady RAT’ identifies widespread cyber-spying, Washington Post.
07/21/11 Software [In]security: Software Security Zombies, InformIT.
07/07/11 Simple Isn’t Simple, Darkreading.com.
06/10/11 Secure coding news flash: BSIMM3 coming in August, CSO Online.
06/08/11 Banks replace SecurID tokens, FierceCIO.
06/07/11 Cigital acquires Consciere, brings in security vets, SearchSecurity.com.
06/07/11 RSA Faces Angry Users After Breach, New York Times.
06/02/11 While U.S. Plots Cyber Strategy, Experts See Obstacles Ahead, Threatpost.
05/30/11 Software [In]security: Computer Security and International Norms, InformIT.
04/21/11 Register for May 17 IEEE Computer Society Software Experts Summit, Digital Journal.
04/12/11 Software [In]security: vBSIMM (BSIMM for Vendors), InformIT .
04/01/11 Marcus Ranum and Gary McGraw talk about software security issues, Security.
03/31/11 Microsoft Cites Progress in SDL Report, Advocates More Adoption of ASLR, DEP, Threatpost.
03/30/11 Most Windows Applications Use Microsoft’s DEP, DarkReading.
03/30/11 Microsoft cites software security progress despite sluggish ASLR support, SearchSecurity.com.
03/22/11 Software [In]security: Modern Malware, InformIT.
03/15/11 How to Mine Customer Data the Right Way, PCWorld.
03/14/11 BSIMM’s European Tour, Application Development Trends.
03/14/11 Industry groups, businesses attempt security awareness training plan, SearchSecurity.com.
03/09/11 Keynote Speakers Announced for May 17 Software Experts Summit in Silicon Valley, Digital Journal.
02/16/11 Podcast IEEE Security & Privacy Cyberwar Panel at RSA Conference 2011, Computing Now.
02/09/11 Hotel Technology Event to Feature Top Speakers and Issues, Hospitality.net – Industry News.
02/08/11 New Funding, New Website, New Research, Dasient Blog.
02/08/11 Podcast Advanced Persistent Threat: Industrial Strength Hacking, Expert Voices Speaker Series.  RIP
02/04/11 Real Cyber Warfare: Carr’s Top Five Picks, Forbes.com.
01/25/11 Social Networking: Keeping It Clean, The Journal.
01/09/11 Security Awareness and Embedded Software, Making Life Easier – Ronald Landheer-Cieslak Blog.
01/01/11 Old information security challenges persist, SearchSecurity.com.


12/15/10 Security expert suggests demilitarizing cybersecurity, ZDNet.
12/14/10 Cracks in cyber security reveal gaping holes in our digital defenses, TechJournal South .
12/02/10 Talk of Cyber War: What is It Good for? Absolutely Nothing, Experts Say, The New New Internet (TNNI).
12/02/10 Wikileaks: Uncle Sam Was Warned, Threatpost. RIP
12/01/10 Demilitarizing cybersecurity (Q&A), CNET.
12/01/10 McGraw and Arce on Cyberwar, 1 Raindrop.
11/30/10 Podcast Gary McGraw on Cyber War, Cyber FUD and Rhetoric, Threatpost.
11/30/10 Expert: BSIMM Can Help Enterprises Build Secure App Development Processes, DarkReading.
11/26/10 Sky News, Stuxnet and the End of the World, ComputerWeekly.com.
10/12/10 PCI Compliance Means Getting Your App Security Together , DarkReading.
10/05/10 Stuxnet: Fact vs. theory, CNET.
10/01/10 Defending Against Stuxnet Type Threats, Invincea.
09/28/10 All About Stuxnet, Six Lines blog.
09/28/10 Podcast How to Develop More Secure Software – Practices from Thirty Organizations, CERT podcast.
09/27/10 Stuxnet: An important change in the national security landscape, CTOvision.com.
09/23/10 Stuxnet Heralds New Generation of Targeted Attacks , DarkReading.
09/22/10 Most Third-Party Software Fails Security Tests, DarkReading.
09/10/10 What Adobe could learn from The Flying Wallendas, The Register.
09/01/10 It’s time to change… but how?, SDTimes.
09/01/10 Hack-Proof Dream?, ABA Journal.
08/23/10 Bejtlich on Silver Bullet Podcast, TaoSecurity.
08/18/10 HP’s Fortify Buyout Numbers Tell Lucrative Story For Software Security, Forbes.
08/17/10 HP’s Fortify Acquisition: More Validation of Security in the App Dev Lifecycle, Application Development Trends.
08/17/10 Secure software Experts say it’s no longer a pipe, gagsandgiggles.com blog. RIP
08/06/10 Real-World Software Security, Dr. Dobb’s.
06/20/10 Cyber War: Hype or Consequences?, UGN InfoManager.
06/09/10 McGraw’s Advice to Programmers, Dr. InfoSec™ Blog.
06/07/10 Open-Source Could Mean an Open Door for Hackers, Technology by MIT Review.
05/20/10 Staff prefer Facebook to pay rises, says report, ComputerWorld UK.
05/17/10 Podcast Gary McGraw on software security research, SearchSecurity.com – Security Wire Weekly.
05/13/10 Cigital expands software security model, includes data from 30 major firms, SearchSecurity.com.
05/13/10 Real-world data on software security initiatives, Help Net Security.
05/12/10 Leading Software Security Maturity Model Triples to Include More Real-World Data on Real Software Security Initiatives , EarthTimes.
05/12/10 Building Security In Maturity Model gets an Update, ComputerWeekly.com.
05/12/10 Podcast Gary McGraw on BSIMM2, Software Security and Cargo Cult Science, Threatpost.
05/12/10 Justice League – BSIMM2, My Security Planet Blog.
05/12/10 Evolving Rapidly, BSIMM2 Offers Key Elements of Successful Software Security Initiatives Shared by 30 Major Corporations, CyBlog: Security, Privacy and Mobility in the Information Age.
05/12/10 Gary McGraw on Developing Secure Software (Q&A), CNET.
05/12/10 Product Watch: ‘Measuring Stick’ For Software Security Gets An Update , DarkReading.
05/12/10 SAFECode and BSIMM: A Powerful Combination in the Work to Improve Software Security, SAFECode blog. RIP
05/12/10 Measuring Software Security: BSIMM2 and Beyond, eSecurity Planet.
05/12/10 BSIMM2: Look Left, Look Right, GEEKONOMICS. RIP
05/12/10 [WEB SECURITY] BSIMM2, Web Application Security Consortium .
05/12/10 New BSIMM report released…, MSDN blog. RIP
05/05/10 How Bad Assumptions Are Making Software Less Secure, Forbes.
05/01/10 The Debate Over Social Media at the Office, Entrepreneur Magazine.
04/22/10 Hackers and Social Networking: A Love Story, TechNewsWorld.
04/09/10 Securing the smart grid, cnet.
04/01/10 Game developers battle cheaters in a virtual world, Orlando Sentinel.
04/01/10 OWASP Top 10 vulnerabilities list adds risk to equation, Information Security Magazine.
03/31/10 Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods, DarkReading.
03/27/10 Pokerstars RNG Certified, RecentPoker.com.
03/24/10 Promoting the CS at trade shows, Inside the Computer Society (IEEE Computer Society).
03/18/10 Warren Axelrod on Banking Information Security Exclusive Interview on Trends, Threats and Priorities, BankInfoSecurity.
03/07/10 Exploiting Online Games: Cheating Massively Distributed Systems, Blizz Hackers blog.
03/04/10 How a process model can help bring security into software development, Government Computer News.
03/02/10 RSA 2010: Lifestyle Hacking — Notes on “Social Networks & Gen Y Meet Security & Privacy”, CyBlog.
03/02/10 Hot topic at RSA: The pitfalls and promise of social networking, Infosecurity.
02/23/10 Sprechen Sie SSL?, News from the Lab.
02/19/10 Proposal Would Hold Software Developers Accountable For Security Bugs, InformationWeek.
02/18/10 New York State holds software developers accountable, Infosecurity.
02/18/10 Infrastructure vs. Application Security Spending, Jeremiah Grossman.
02/18/10 Legal Liability For Faulty Code, Mark Hess’ Behind The Lines.
02/17/10 Morning Security Brief: Cyberdisaster Exercise, Software Security, Pandemic Tools, and More, Security Management.
02/16/10 Group Proposes Suits Over Faulty Code, Gov Info Security.
02/16/10 SANS Institute, MITRE release new top 25 dangerous coding errors list, SearchSecurity.com.
02/16/10 Top 25 Programming Errors: Should Software Developers be Liable?, Bank Info Security.
02/16/10 Hold vendors liable for buggy software, group says, Computer World.
02/16/10 25 ways to better secure software from cyber attacks, Scientific American Observations.
02/16/10 Security agencies release Top 25 programming errors, Washington Technology.
02/16/10 Proposal Would Hold Software Developers Accountable For Security Bugs, Dark Reading.
02/16/10 Hold Vendors Liable for Buggy Software, Group Says, CIO.
02/12/10 Improving software with the Building Security in Maturity Model (BSIMM), SearchSecurity.com.
02/09/10 Microsoft, Google split over browser bug bounty, Insecurity Complex (cnet news).
02/03/10 DHS Takes Steps In The Right Direction, Gartner Blog Network.
02/01/10 In their words: Experts weigh in on Mac vs. PC security, Insecurity Complex (cnet news).
01/28/10 BSIMM: A Descriptive Model of Software Security, good code. RIP
01/27/10 David Rice on Silver Bullet Security Podcast with Gary McGraw, Geekonomics.  RIP
01/26/10 Books you need to buy 3, Rock’n’Roll Programming.
01/21/10 Podcast Special Webcast: The Impact of BSI-MM in Software Development Programs, GEEKONOMICS.  RIP
01/20/10 Podcast The Building Security In Maturity Model, CERIAS Security Seminar Podcast.
01/18/10 SANS Application Security Summit 2010, GEEKONOMICS. RIP
01/04/10 Podcast Software Security – An interview with Dr. Gary McGraw, Imperva Security Podcasts.
12/31/09 Building Security In Maturity Model, RiskPundit.
12/30/09 The All-Decade Interview Team, threatpost.
12/30/09 Fun Reading on Security and Compliance #22, Anton Chuvakin Blog – “Security Warrior”.
12/28/09 Web Application Security Podcasts, Secweb.nerd.it blog.
12/23/09 Exploiting Online Games: Cheating Massively Distributed Systems, Security Reading Room Blog. RIP
12/15/09 SANS Institute to Host First Annual Application Security Focused Event and Summit, JAVA Developer’s Journal. RIP
12/13/09 Coding gems 11-20, Confessions of a Chief Home Officer.
12/01/09 Silver Bullet Talks with Fred Schneider, IEEE SECURITY & PRIVACY.
11/23/09 looking out for lifestyle hackers in the workplace, terminal 23.  RIP
11/18/09 Bring Your Computer to Work Day?, 1 Raindrop.
11/13/09 Best practices in information security, Continuity Central. RIP
11/13/09 Interested in application (code) security?, Bloor. RIP
11/12/09 Fortify Software: New Study Provides Real-World Data on Leading Software Security Initiatives in Europe, TradingMarkets.com. RIP
11/12/09 Differences between EU and US attitudes to application security detailed in new report, SC Magazine.
11/12/09 Cigital, Fortify tailor security model for Europe, SD Times. RIP
11/12/09 New Study Provides Real-World Data on Leading Software Security Initiatives in Europe; First-ever European Maturity Model Details Success of SWIFT, Nokia and others, TMCnet.com.
11/11/09 Real-world data on software security initiatives, Help Net Security.
11/11/09 BSIMM Europe, Minded Security Blog.
11/11/09 BSIMM Europe, Off by On.
11/10/09 Hot-or-Not session over software security, Beveiliging Nieuws.
11/10/09 From Biometrics to BSIMM , & “50 Hurricanes Hitting At Once!” — A Report on the Sixth Annual Partners Conference, CyBlog: Security, Privacy and Mobility in the Information Age.
11/06/09 Podcast Gary McGraw on Software Security, the BSIMM Model and Critical Thinking, Digital Underground podcast.
11/06/09 Gary McGraw on Software Security, the BSIMM Model and Critical Thinking, Gary McGraw on Software Security, the BSIMM Model and Critical Thinking, Threatpost
11/05/09 Journal: Out of Touch with Reality I, Public Intelligence Blog.
11/04/09 Lifestyle Hackers: o desafio da Net Generation, Miguel Almeida.
11/03/09 Lifestyle Hackers, Hack in the Box.
11/03/09 The new insider threat – lifestyle hackers, RiskPundit.  RIP
11/03/09 Lifestyle Hackers, Hayes on Security.  RIP
11/02/09 Hacking Is A Way Of Life, Dark Reading.
11/02/09 Lifestyle Hackers, LinuxSecurity.com.
11/09/09 Fortify: New Study Provides Real-World Data on Leading Software Security Initiatives in Europe, Global Security Mag.
10/27/09 Leer denken als een hacker en programmeren als een security expert, engineersonline.nl.
10/24/09 Hoff on Silver Bullet Podcast, SecuObs.com.
10/24/09 Hoff on Silver Bullet Podcast, 1 Raindrop.
10/24/09 Cigital’s Gary McGraw talks cloud security with Chris Hoff, IT Knowledge Exchange.
10/22/09 Web application firewall use goes beyond compliance, company finds, SearchSecurity.com.
10/22/09 Sicurezza Open, Il sole 24 ore.
10/20/09 New Lecture Series Centers on Security Issues, UA News.
10/12/09 Exploiting Online Games, TEEYAI’s Blog. RIP
10/09/09 Reality Check, 1 Raindrop.
10/08/09 Cigital, SANS Institute Roll Out Software Security Self-Measurement With BSIMM, DarkReading.
09/25/09 Benchmarking Security – Are We Safe Yet?, John Pescatore (Gartner Blog Network).
09/17/09 Is SQL Password Vulnerability A Real Threat?, Redmond Developer News.  RIP
09/16/09 Silver Bullet Security Podcast: Fred Schneider, Computing Now (IEEE Computer Society Newsletter).  RIP
09/15/09 Information Security Summit 2009 – Overview, Gartner.
08/18/09 SQL Injection continues to trouble firms, lead to breaches, SearchSecurity.com.
07/27/09 Book Review: Exploiting Online Games, 404 Tech Support.
07/21/09 Silver Bullet Podcast Interviews Bob Blakley, Burton Group Blogs: Security and Privacy.  RIP
07/08/09 Suspicion Centers on N. Korea in DoS Blitz but No Smoking Gun, TechNewsWorld.
07/01/09 Gov’t official: We’re serious about cybersecurity this time, ITworld.
06/25/09 The Value of Static Analysis Tools, Building Real Software.
06/22/09 From computer determinism to real world indeterminism, Thinking Inside a Bigger Box.
06/20/09 Q&A: Twitter And Clouds, Dr. Dobb’s.
06/10/09 How Microsoft Influenced Adobe Security In a Good Way, ComputerWorld.
06/05/09 Summer Reading for Security Pros: Schneier or Sagan?, CSO Online.
06/03/09 PayPal Software Security Podcast, cgisecurity.com.
06/02/09 Xbox: Integrating Social Networks, ESET Threat Blog. RIP
05/10/09 CyLab Business Risks Forum: Gary McGraw on Online Games, Electronic Voting and Software Security, CyBlog.
04/27/09 Gary McGraw Interviews Virgil Gligor on Software Security and Other Vital Issues, CyLab news.
04/24/09 Hacking in online games a widespread problem, FierceCIO TechWatch (also: cnet).
04/23/09 Top Cybersecurity Official Spurs White House to Take Lead, TechNewsWorld.
04/23/09 Hacking online games a widespread problem, cnet news.
04/22/09 RSA: The fundamental challenge of security versus privacy, SC Magazine. RIP
04/22/09 Experts call for better measurement of security, threatpost: digital underground.
04/20/09 Secure software? Experts say it’s no longer a pipedream, cnet security news.
04/19/09 Podcast Brian Chess and Gary McGraw AND-401: Building Security In Maturity Model (BSIMM), RSA Conference 365.  RIP
04/17/09 Podcast Gary McGraw FEA-105: Surveillance: Security, Privacy and Risk and HT2-303: Exploiting Online Games, RSA Conference 365.  RIP
04/14/09 RSA panel to discuss surveillance, privacy concerns, SearchSecurity.com.
04/08/09 Building Security In Maturity Model (BSIMM), (ISC)2 Blog.
04/07/09 Software [In]security: Nine Things Everybody Does: Software Security Activities from the BSIMM, threatpost Punditry.
04/07/09 IEEE Security & Privacy Magazine Sponsors Surveillance Panel at RSA, PR Newswire (press release). RIP
04/06/09 Building Security In, Maturely, Emergent Chaos.  RIP
04/03/09 Brad’s Reality Check Interview, ASSET (Adobe blog).
04/01/09 Een maturiteitsmodel voor software security, IT Professional.  RIP
03/31/09 Conficker Fears Create Fertile Ground for Other Scammers, TechNewsWorld.
03/31/09 Podcast An Experience-Based Maturity Model for Software Security, CERT Podcast.
03/27/09 BSIMM lays out security blueprint, SDTimes.  RIP
03/27/09 The He Got Game Rule, 1 Raindrop.
03/25/09 It B-SIMM-ply Marvelous!, Enterprise Security Blog.  RIP
03/23/09 SDWest, SDBestPractices, SDArch&Design: RIP, 1975 – 2009, The Blog Ride.
03/17/09 First Data-Based Security Maturity Model Released, Visual Studio Magazine (also: Redmondmag.com).  RIP
03/17/09 First Data-Based Security Maturity Model Released, Application Development Trends.  RIP
03/13/09 Microsoft on ‘Building Security In Maturity Model’, Ruminations on Architecture and Security.
03/13/09 Fortify & Cigital Release BSIMM — Integrating Best Practices from Nine Software Security Initiatives, CyBlog.
03/12/09 Software Security Model – BSI-MM released, Mike Andrews.  RIP
03/12/09 Building Security In Maturity Model, The Security Development Lifecycle (MSDN).
03/12/09 New report offers low-down on secure develoment, Network World.
03/11/09 New report offers low-down on secure develoment, Techworld.com.  RIP
03/11/09 Application Security is Journey, Not a Destination, Security Incite.  RIP
03/10/09 Obama’s New Tech Czar, BusinessWeek.
03/10/09 Maturity model offers software security yardstick, Computer Business Review (also: Computer World UK).
03/10/09 Modelo de Maturidade para Segurança de Software (translate), marcelosouza.com.
03/10/09 A New Hope for Software Security?, Network World (also: CSO Online).
03/09/09 Political Turf Wars Drive Out US Cybersecurity Chief, TechNewsWorld.
03/09/09 Building Security In Maturity Model Partly Applies to Detection and Response, TaoSecurity.
03/06/09 BSI-MM est arrivé!, 1Raindrop.
03/06/09 CAG, BSIMM and field-assessed security, Security Balance.  RIP
03/06/09 Fortify, Cigital Release Software Security Program Benchmarks, Dark Reading.
03/06/09 Risks Digest 25.60, RISKS.
03/05/09 Benchmarks for developing and growing an enterprise-wide software security program, Help Net Security.
03/05/09 Building Security In Maturity Model, Sylvan von Stuppe.
03/05/09 BSIMM: Maturing the process of Building Security In., SilverStr’s Blog.
03/05/09 BSIMM lives, SC-L.
03/04/09 The Building Security In Maturity Model (BSIMM), Dr. InfoSec.
03/04/09 New Effort Hopes to Improve Software Security, The Wall Street Journal Blog: Digits.
02/16/09 锁好数据防盗门 走出安全误区, (translate) cnet China.  RIP
02/16/09 Podcast Why top lists don’t work, SearchSecurity.com podcast.  RIP
02/11/09 Enterprise Architecture: What is a worst practice in your organization?, Enterprise Architecture: From Incite comes Insight….
02/09/09 SQL injection attacks targeting Flash, JavaScript errors, SearchSecurity.com.
02/03/09 Silver Bullet Security Podcast, 1 Raindrop.
02/03/09 Book Review: Exploiting Software – How to Break Code, 404 Tech Support.
01/20/09 Source Code Analysis Tools: How to Choose and Use Them, CSO Online
01/20/09 Spécial sécurité : politique et malware, mélange sulfureux, LeMagIT (English translation).
01/19/09 Fuzzing Is Still Widely Unknown, ITworld.
01/19/09 Podcast Are vulnerability lists helpful?, SearchSecurity.com Security Squad podcast.
01/15/09 Gary McGraw’s Reality Check Security Podcast, The Security Development Lifecycle.
01/15/09 Should states lead the charge for secure application development?, SearchSecurity.com.  RIP
01/15/09 Podcast OWASP Podcast Series #5.
01/12/09 Reality Check, Off by On.
01/12/09 Protection Poker, Emergent Chaos.  RIP
01/08/09 Gary McGraw and Steve Lipner, Emergent Chaos.
01/07/09 Fuzzing Is A Surprise To Some, But Not To Us – Right?, Fuzzing.  RIP
11/28/08 TOP PC, Internet, Information Security & Identity Management Blogs!, CEOWORLD Magazine.
11/21/08 Cheating, security, & theft in virtual worlds and online games, GranneBlog.
11/18/08 The Economics of Finding and Fixing Vulnerabilities in Distributed Systems, 1 Raindrop.
11/04/08 Lecture 07 , UCB CS 294-22 Web Security.
10/20/08 Browsers getting harder and harder to secure, SearchSecurity.
10/17/08 The Untapped Open Source Online Gaming Opportunity, TechNewsWorld.
10/16/08 What Videogames Teach Us About Security, Forbes.com
10/15/08 Browser security a concern for website development, SearchSoftwareQuality.com.
09/22/08 New “Likes and Dislikes”- Based RavenWhite Password Protection Technique Helps Consumers and Businesses Thwart Email Hackers, Business Wire.
09/16/08 The Chosen, System Advancements at the Monastery.
09/16/08 Twenty cans of worms on the wall … (The Greek Hackers vs CERN Saga), Cyberpunk as a commodity.  RIP
09/05/08 Don’t ignore internal security (and don’t write passwords on Post-it’s), CIO Symmetry.
09/05/08 Think like a hacker (and other World of Warcraft-inspired musings), TotalCIO.
09/03/08 Multiplayer online games pose threat, FierceCIO.
09/08 New Exploits at Black Hat (sidebar: “Microsoft Lays out Security MAPP”), Redmond Developer News.  RIP
08/29/08 Cybercrime Gets Its Game On, Forbes.
08/25/08 Software Security Market, 1 Raindrop.
08/20/08 Podcast Gary McGraw and Julia Allen: How to Start a Secure Software Development Program, CERT Podcast Series.
08/19/08 Security outbreaks an insight 2008, Ammasajan’s Weblog.  RIP
08/18/08 IT School to Watch: Indiana University, ComputerWorld.
08/12/08 Software security is all grown up (or at least walking on its own), Security Bytes.
08/12/08 Space Race, The Secure Software Zone.
08/08/08 Daniel Suarez – Daemon: Bot-Mediated Reality, The Long Now Foundation.
08/02/08 锁好数据防盗门 走出安全误区 (translation), IT168.com.
08/01/08 Zero tolerance for bugs, SD Times.  RIP
07/31/08 Podcast The state of software security, SearchSecurity.com.
07/25/08 Getting Started – put Security into your SDLC, ePrivacyAwareness.  RIP
07/16/08 Forrester Research Security Forum 2008, September 4-5, 2008 in Boston (press release), TradingMarkets.com.  RIP
07/07/08 Microsoft Talks Up SDL, Application Development Trends.  RIP
07/08/08 In Plain Text: Exploiting Online Games, Security Management.  RIP
06/30/08 Exploting Online Games, Rev Dan Catt (reader review).  RIP
06/24/08 Yikes! Vista Security to be Obliterated!, David LeBlanc’s Web Log.
06/17/08 Podcast Rise of managed security services, Security Squad podcast (13 min. in).  RIP
06/11/08 Financial Services Lead Spend in $650m Software Security Industry, A-TeamGroup.  RIP
06/10/08 Podcast Network Security Podcast, Episode 107.
06/06/08 PodcastGary McGraw on secure software development, SearchSecurity.com.
06/06/08 PodcastGary McGraw on secure software development, SearchSecurity.com.
06/04/08 Protecting the Critical Infrastructure: Beware of Crimeware, BlogInfoSec.com.
05/07/08 Newspapers – Yesterday’s News for Yesterday’s People, 1 Raindrop.
05/08 In Search of Trust, Redmond Developer News.  RIP
04/29/08 What tech book are you reading right now?, Blogus Maximus.
04/24/08 Payment Card Industry standard under attack?, SD Times.  RIP
04/07/08 Addison-Wesley Professional Showcases The New School of Information Security at RSA 2008, press release.
03/17/08 Seven categories of software security flaws, ComputerWeekly.com.
03/17/08 Making software secure from first principles, ComputerWeekly.com.
03/12/08 Criminals step into virtual world, The Gazette (Canada).
02/19/08 HiR Reading Room: Hakin9 Magazine, HiR Information Report.
02/18/08 Top 10 Podcast Episodes, Eon Security Blog.  RIP
02/07/08 Exploiting Online Games, HiR Information Report.
02/06/08 Haxx0ring 4tw, The Joshua Tree.
02/08/08 Improving Software Quality, Software Quality Assurance Engineering.
01/31/08 The Daily Incite – January 31, 2008, Security Incite.
01/28/08 Do you see seven misunderstanding Zhendong network security (translated), CSDN.
01/20/08 Online Game Security, UW Computer Security Course Blog.
01/18/08 Information security makes the silver screen, Security Bites.
01/16/08 The State of Security in MMORPGs, Slashdot.
01/16/08 MMORPG Security, WarCry Network.
01/15/08 The Daily Incite, Security Incite.
01/12/08 Top 10 Tricks to exploit SQL Server Systems, Hacking Truths.
01/10/08 Hacking & the Academy Awards, DarkReading.
01/10/08 Software Security News, System Advancements at the Monastery.
01/07/08 The Daily Incite, Security Incite.
01/07/08 The New Face of Cybercrime
01/02/08 Top IT Conversations Shows for December 2007, Phil Windley’s Technometria.
01/01/08 Security researchers warn of dangers in online games, Massively.
01/08 Best Practices to Secure Your Code, Microsoft Certified Professional Magazine (also: Redmond Developer News).  RIP
Loading posts...
Sort Gallery