| Author | Title | Publication | Format |
|---|---|---|---|
| G. McGraw, N. Fick | Separating the Threat from the Hype: What Washington Needs to Know About Cyber Security in AMERICA’S CYBER FUTURE: SECURITY AND PROSPERITY IN THE INFORMATION AGE VOLUMES I AND II | Center for a New American Security (June 2011) | PDF |
| G. McGraw | Technology Transfer: A Software Security Marketplace Case Study | IEEE Software (September/October 2011) | PDF |
| A. Sobel, G. McGraw | Interview: Software Security in the Real World | Computer (September 2010) | PDF |
| G. McGraw | Securing Online Games: Safeguarding the Future of Software Security | IEEE Security & Privacy (May/June 2009) | PDF |
| G. McGraw | How Things Work: Automated Code Review Tools for Security | Computer (December 2008) | PDF |
| G. McGraw, G. Hoglund | Online Games and Security | IEEE Security & Privacy (Sep/Oct 2007) | PDF |
| G. McGraw | Introduction to Identity Management Risk Metrics | IEEE Security & Privacy (Jul/Aug, 2006) | PDF |
| J. Epstein, S. Matsumoto, G. McGraw | Software Security and SOA: Danger, Will Robinson! | IEEE Security & Privacy (Jan/Feb 2006) | PDF |
| K. Tsipenyuk, B. Chess, G. McGraw | Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors | IEEE Security & Privacy (Nov/Dec 2005) | PDF |
| K.R. van Wyk, G. McGraw | Bridging the Gap Between Software Development and Information Security | IEEE Security & Privacy (Sep/Oct 2005) | PDF |
| N.R. Mead and G. McGraw | A Portal for Software Security | IEEE Security & Privacy (Jul/Aug 2005) | PDF |
| D. Taylor and G. McGraw | Adopting a Software Security Improvement Program | IEEE Security & Privacy (May/Jun 2005) | PDF |
| S. Barnum, G. McGraw | Knowledge for Software Security | IEEE Security & Privacy (Mar/Apr 2005) | PDF |
| B. Arkin, S. Stender, G. McGraw | Software Penetration Testing | IEEE Security & Privacy (Jan/Feb 2005) | PDF |
| B. Chess and G. McGraw | Static Analysis for Security | IEEE Security & Privacy (Nov/Dec 2004) | PDF |
| B. Potter and G. McGraw | Software Security Testing | IEEE Security & Privacy (Sep/Oct 2004) | PDF |
| D. Verdon, G. McGraw | Risk Analysis in Software Design | IEEE Security & Privacy (July/August 2004; pp. 32-37) (Building Security In) | PDF |
| G. McGraw, G. Hoglund | Exploiting Software: The Achilles’ Heel of CyberDefense | CyberDefense Magazine (June 2004) | PDF |
| P. Hope, G. McGraw, A. Anton | Misuse and Abuse Cases: Getting Past the Positive | IEEE Security & Privacy (May/Jun 2004) | PDF |
| G. McGraw, et al. | Processes to Produce Secure Software | National Cyber Security Summit | PDF |
| G. McGraw | Software Security | IEEE Security & Privacy (March/April 2004; Volume 2, Number 2, pp. 32-35) | PDF |
| G. McGraw, P. Hope, A. Anton | Misuse and Abuse Cases: Getting Past the Positive | IEEE Security & Privacy (March/April 2004; Vol. 2, No. 3, pp. 32-34) (Building Security In) | PDF |
| G. McGraw | Building Secure Software: Better than Protecting Bad Software | IEEE Software (November/December 2002; Vol. 19, No. 6, pp. 57-59) (Point/Counterpoint with Greg Hoglund) | PDF |
| G. McGraw, J. Viega | Operating systems and authentication technologies | IBM developerWorks (Feb 1, 2002) | HTML |
| G. McGraw, J. Viega | Choosing a programming language and a distributed object platform | IBM developerWorks (Feb 1, 2002) | HTML |
| G. McGraw, J. Viega | Protecting passwords: Part 2 | IBM developerWorks (September 2000) | HTML |
| G. McGraw, J. Viega | Protecting passwords: Part 1 | IBM developerWorks (August 2000) | RIP |
| G. McGraw, T. O’Connor | Make your software behave: Cryptography essentials | IBM developerWorks (July 2000) | HTML |
| G. McGraw, J. Viega | Make your software behave: Tried and true encryption | IBM developerWorks (Jun 1, 2000) | HTML |
| G. McGraw, J. Viega | Make your software behave: Software strategies | IBM developerWorks (May 2, 2000) | RIP |
| G. McGraw, J. Viega | Make your software behave: Everything to hide | IBM developerWorks (May 18, 2000) | HTML |
| G. McGraw, J. Viega | Make your software behave: Playing the numbers | IBM developerWorks (Apr 4, 2000) | HTML |
| G. McGraw, J. Viega | Make your software behave: Beating the Bias: How to approach truly random number generation through hardware | IBM developerWorks (Apr 1, 2000) | HTML |
| G. McGraw, J. Viega | Make your software behave: CGI programming made secure | IBM developerWorks (Mar 28, 2000) | HTML |
| G. McGraw, J. Viega | Make your software behave: An anatomy of attack code | IBM developerWorks (Mar 21, 2000) | HTML |
| G. McGraw, J. Viega | Software security principles, Part 5: On keeping secrets, trusting others, and following the crowd | IBM developerWorks (December 2000) | RIP |
| G. McGraw, J. Viega | Software security principles, Part 4: Keep it simple; keep it private | IBM developerWorks (December 2000) | RIP |
| G. McGraw, J. Viega | Software security principles: Part 2: Defense in depth and secure failure | IBM developerWorks (November 2000) | RIP |
| G. McGraw, J. Viega | Software security principles, Part 3: Controlling access: Least privilege and compartmentalization | IBM developerWorks (November 2000) | RIP |
| G. McGraw, J. Viega | Make your software behave: Security by obscurity | IBM developerWorks (October 2000) | RIP |
| G. McGraw, J. Viega | Software security for developers: One-time pads | IBM developerWorks (October 2000) | RIP |
| G. McGraw, J. Viega | Software security principles: Part 1: The chain is only as strong as its weakest link | IBM developerWorks (October 2000) | RIP |
| G. McGraw, J. Viega | Make your software behave: Learning the basics of buffer overflows | IBM developerWorks (Mar 1, 2000) | HTML |
| G. McGraw, J. Viega | Make your software behave: Preventing buffer overflows | IBM developerWorks (Mar 7, 2000) | RIP |
| G. McGraw, J. Viega | Make your software behave: Brass tacks and smash attacks | IBM developerWorks (Mar 14, 2000) | HTML |
| G. McGraw, J. Viega | Make your software behave: Assuring your software is secure | IBM developerWorks (Feb 28, 2000) | HTML |
| B. Arkin, F. Hill, S. Marks, M. Schmid, T.J. Walls, G. McGraw | How We Learned to Cheat in Online Poker: A Study in Software Security | Developer.Com, 09/28/99. | PDF |
| G. McGraw, J. Viega | Making software behave | IBM developerWorks (Sep 28, 1999) | HTML |
| G. McGraw, J. Viega | Why COTS Software Increases Security Risks | ICSE Workshop on Testing Distributed Component-Based Systems, May 1999. | PDF |
| G. McGraw | Software Assurance for Security | IEEE Computer 32(4), pages 103-105. April 1999. | PDF |
| G. McGraw and E. Felten | Mobile Code and Security | Editors, IEEE Internet Computing, November/December 1998. | PDF |
| G. McGraw, K. Sullivan | Massive Games of Artificial Life on the Internet: A Testbed for Research on Survivability Architectures | Proceedings of the Information Survivability Workshop, October 28-30 1998, Orlando, FL. | PDF |
| G. McGraw and C. Michael | Automated Software Test Data Generation for Complex Programs | Proceedings of the 13th IEEE Automated Software Engineering Conference, October 13-16, 1998, Honolulu, Hawaii. | PDF |
| A. Ghosh, G. McGraw | An Approach for Certifying Security in Software Components | Proceedings of the 21st National Information Systems Security Conference, October 5-8, 1998, Crystal City, VA. | PDF |
| A. Ghosh, T. O’Connor, G. McGraw | An Automated Approach for Identifying Potential Vulnerabilities in Software | Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA. May 3-6, 1998, pp. 104-114. | PDF |
| G. McGraw | Testing for Security During Development: Why we should scrap penetrate-and-patch. | IEEE Aerospace and Electronic Systems, April 1998. | PDF |
| C. Michael, G. McGraw, M. Schatz, and C. Walton | Genetic Algorithms for Dynamic Test Data Generation | In Proceedings of IEEE International Automated Software Engineering Conference (ASE97), November 3-5, 1997. | PDF |
| J. Voas, G. McGraw, L. Kassab, L. Voas | Fault-injection: A Crystal Ball for Software Quality | IEEE Computer, June 1997, Volume 30, Number 6, pp. 29-36. | PDF |
| J. Voas, G. McGraw, A. Ghosh | Reducing Uncertainty About Survivability | Proc. of the 1997 Information Survivability Workshop, February 12-13, 1997, San Diego, CA | PDF |
| J. Voas, A. Ghosh, G. McGraw, K. Miller | Glueing Together Software Components: How Good is Your Glue? | Proceedings of Pacific Northwest Software Quality Conference, October, 1996. | PDF |
| G. McGraw, D. Hofstadter | Emergent Letter Perception: Implementing the Role Hypothesis | Proceedings of the 18th Annual Conference of the Cognitive Science Society, July 1996. | PDF |
| G. McGraw, C. Michael | Automatic Generation of Test-Cases for Software Testing | Proceedings of the 18th Annual Conference of the Cognitive Science Society, July 1996. | PDF |
| G. McGraw, D. Hovemeyer | Untangling the Woven Web: Testing Web-based Software | Proceedings of the 13th International Conference on Testing Computer Software (ICTCS), June 1996. | PDF |
| G. McGraw, A.K. Ghosh | Developing Expertise in Software Security: An Outsider’s Perspective | In working notes of the Invitational Workshop on Computer Vulnerability Data Sharing, NIST, June 1996. | PDF |
| A.S. Binns, G. McGraw | Building a Java Software Engineering Tool for Testing Applets | Proceedings of the IntraNet 96 NY Conference, April 8-10, 1996, New York City. | PDF |
| J. Voas, G. McGraw, A.K. Ghosh, F. Charron, K. Miller | Defining an Adaptive Software Security Metric from a Dynamic Software Failure-tolerance Measure | Proceedings of the 11th Annual Conference on Computer Assurance (COMPASS’96) | PDF |