Press

I am very pleased when people notice my work and talk about it. Part of my life as a technologist is to help cut through reams of security baloney and explain things as clearly as possible to normal people in everyday language.

Over the years, my work has been extensively covered in the popular press. I am most proud of a long interview in The Wall Street Journal entitled How to Make Safer Software published Monday July 18, 2005 as well as several appearances on TV, including a segment on MSNBC February 24, 2013.

I welcome press contact and continue to interact with the press on a regular basis.

Gary McGraw discusses Cyber War during "Up with Chris Hayes" 2.24.13 on MSNBC

https://youtu.be/TQ8bgNOWscs?t=3m21s

Press Archive

Here is a sample of some other press stories.

2019-2024

2/21/2024	Episode 256: Recursive Pollution? Data Feudalism? Gary McGraw On LLM Insecurity, Security Ledger Podcast, Episode 256, Paul Roberts
2/14/2024	Microsoft says US rivals are beginning to use generative AI in offensive cyber operations, Associated Press
2/6/2024	Decipher Podcast: Gary McGraw on AI Security, Decipher Security Podcast, Dennis Fisher
1/29/2024	NIST joins “proceed with caution” chorus on AI, Medium blog, Taylor Armerding
1/24/2024	For AI Risk, ‘The Real Answer Has to be Regulation, Decypher, Dennis Fisher
1/24/2024	Researchers Map AI Threat Landscape, Risks, darkreading (lemos)
1/24/2024	Machine Learning Think Tank Warns of Serious Risks With Large Language Models, EIN News Press Release, BIML
1/19/2024	First Step in Securing AI/ML Tools Is Locating Them, darkreading
11/27/2023	EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw, Google cloud security podcast, Episode 150
11/4/2023	White House AI Executive Order Puts Focus on Cybersecurity, Decipher (duo.com)
10/26/2023	IriusRisk Brings Threat Modeling to Machine Learning Systems, darkreading
8/18/2023	PKI Maturity Model Aims to Improve Crypto Infrastructure, darkreading (lemos)
8/13/2023	Don’t expect quick fixes in ‘red-teaming’ of AI models. Security was an afterthought, Associated Press
4/20/2023	Expert Insight: Dangers of Using Large Language Models Before They Are Baked, darkreading
2/3/2023	AI code assistants need security training, readme security (robert lemos)
1/23/2023	ChatGPT embraced by hackers, but some AI experts say it’s not botmageddon—yet, medium
1/11/2023	Better Phishing, Easy Malicious Implants: How AI Could Change Cyberattacks, darkreading
12/17/2022	Welcome, Font Robots, medium
2/15/2022	Machine Learning in 2022: Data Threats and Backdoors?, darkreading
2/2/2022	Expert Insights: Training the Data Elephant in the AI Room, darkreading
9/23/2021	IriusRisk expands its Technical Advisory Board with three new members, HelpNet Security
4/27/2021	Expect an Increase in Attacks on AI Systems, darkreading
4/27/2021	DtSR Episode 444 – TPA Gary is Awful at Retirement, Down the Security Rabbit Hole Podcast
3/30/2021	Gary McGraw on Building Secure AI Systems and His 20-Year Battle to Improve Software Security, MissionNorth
3/30/2021	In Clarke County, a small research group is working to make technology more secure, Winchester Star
3/29/2021	In wake of giant software hacks, application security tactics due for an overhaul, SC Magazine
3/26/2021	SolarWinds CEO gives chief security officer authority and air cover to make software security a priority, TechRepublic
3/26/2021	In Wake of Solarwinds Breach, the Challenge of Building Secure Software Remains, decipher
3/25/2021	Cocktails and Architecture (webinar), Irius Risk
1/29/2021	Berryville Institute of Machine Learning (BIML) Gets $150,000 Open Philanthropy Grant, darkreading
1/26/2021	Dr Gary McGraw Appointed to IriusRisk Threat Modeling Technical Advisory Board, Infosecurity Magazine
9/25/2020	Letter: Scare tactics have nothing to do with car repair, Boston Herald, September 25, 2020
6/12/2020	Cyberthreats in 2025 (a roundtable discussion), IEEE Computer 53(6), June 2020
4/13/2020	Next Front for Computer Security: Machine Learning, IEEE Innovation Spotlight
4/9/2020	15. How to secure AI against bad actors, We Wonder Podcast
3/31/2020	Episode 180: Gary McGraw on Machine Learning Security Risks, Security Ledger Podcast
3/11/2020	Security Guru Gary McGraw on What’s Needed To Secure Machine Learning Apps, Pure AI
2/21/2020	Want to improve quality and security of machine learning? Design it better, Medium
2/14/2020	BIML Releases First Risk Framework for Securing Machine Learning Systems, Cyberwire
2/13/2020	Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems, darkreading
1/25/2020	Tech expert: Don’t overlook security in rush to adopt AI, Winchester Star
1/23/2020	Expert: Don’t overlook security in rush to adopt AI, Northern Virginia Daily
1/22/2020	Security of machine learning topic of LFCC’s next Tech Bytes, Winchester Star
1/20/2020	LFCC talk to focus on technology, Fauquier Times
1/20/2020	Security of machine learning topic of next Tech Bytes, Northern Virginia Daily
7/17/2019	FTC’s “Nixing the Fix” Workshop hears concerns raised by Right to Repair advocates, Medium
7/16/2019	FTC’s Nix the Fix workshop video (see 1:39 for remarks), US Federal Trace Commission
4/30/2019	LEADING CYBER-SECURITY EXPERTS ENDORSE RIGHT TO REPAIR, US PIRG
4/30/2019	Introducing Securepairs.org: A Group of Security Professionals Who Support Right to Repair, IFixITOrg
3/22/2019	A conversation with software security pioneer Gary McGraw, Security Voices
1/17/2019	Local Habitat for Humanity chapter sees growth, Winchester Star

2018

12/11/2018	Security 2019 Predictions (Part 6), DZone
12/9/2018	120 AI Predictions For 2019, Forbes
11/12/2018	What Can Retail Software Security Initiatives Gain from the BSIMM?, ITQuick
11/7/2018	Lessons from BSIMM 9: How cloud affects software security, TechBeacon
11/6/2018	SSD encryption security failures revealed by researchers, SC UK
10/27/2018	How To Prevent Your Business Becoming Collateral Damage Of Geopolitical Cyber Conflict, Forbes
10/19/2018	BSIMM9: A Decade of Software Security Science, Dzone
10/18/2018	Collective Intelligence Podcast, Gary McGraw on BSIMM9 and Supply Chain Security, Collective Intelligence Podcast
10/17/2018	Data science is changing how cybersecurity teams hunt threats, siliconrepublic
10/16/2018	BSIMM9 Study Highlights Impact of Cloud Transformation and Growth of Software Security Community, IT Security Guru
10/10/2018	Russian Cyber Attacks: Is the West Vulnerable?, Defence iQ
10/10/2018	Podcast: Key Takeaways For DevOps in BSIMM9, ThreatPost
10/9/2018	Cybersecurity: Not Just “A” Job – Many Jobs Of The Future, Forbes
10/9/2018	Google+ Privacy Snafu Leaves a Cloud Over the Tech Landscape, ThreatPost
10/3/2018	BSIMM9: Not a how-to but a roadmap to a better SSI, Security Boulevard
10/3/2018	Cloud, Containers, Orchestration Big Factors in BSIMM9, ThreatPost
10/3/2018	Latest Building Security In Maturity Model reflects software security initiatives of 120 firms, HelpNetSecurity
10/2/2018	Synopsys study highlights growth of software security community, Intelligent CISO
10/2/2018	Episode 114: Complexity at Root of Facebook Breach and LoJax is a RAT You Can’t Kill, Security Ledger
10/2/2018	Building Security in Maturity Model Expands for Cloud Era, eWeek
10/2/2018	Software Security Best Practices Are Changing, Finds New Report, ECT News Network
10/1/2018	Industry experts comment on Facebook security breach, intelligent CISO
9/29/2018	2.2 billion Facebook users must log out, re-login across devices: Experts, Times Now News.com
9/29/2018	Industry Leaders Reaction on Recent Facebook Hack, Information Security Buzz
9/29/2018	2.2 bn Facebook users must log out, re-login across devices: Experts, The Asian Independent
9/28/2018	Things get ‘seriously’ insecure yet again for Facebook, Security Boulevard
9/28/2018	Massive Facebook Breach Affects 90 Million Accounts, the Security Ledger
9/28/2018	Facebook Data Breach Impacts Almost 50 Million Accounts, ThreatPost
9/28/2018	ZUCKED UP Facebook hack LATEST – attackers got complete access to 50MILLION accounts’ profiles, posts, photos and messages in security breach, The Sun
9/28/2018	U.S. Vows To Go On Cyber Offense, Forbes
9/19/2018	US State Department Suffers Email System Breach, Silicon
9/19/2018	State Department Email Breach Hit Hundreds of Staff, InfoSecurity
9/18/2018	State Department confirms Data Breach, BW CIO World
8/20/2018	6 common habits that put you at risk for identity theft, NBC News
8/17/2018	Oracle Open-Sources GraphPipe to Support ML Development, ECT News Network
7/12/2018	Ghostbusters 2: how to deal with Spectre, the sequel, SC media UK
6/28/2018	Exactis Leaks Personal Information Database with 340 million Records, FIRE news
6/28/2018	Exactis Leaks Personal Information Database with 340 million Records, Businessworld CIO world
6/22/2018	No more selling mobile location data, promise carriers, TechTarget
6/1/2018	Federal cybersecurity report says nearly 75% of agencies at risk, TechTarget
5/22/2018	The four types of chief information security officers, livemint
5/8/2018	Shopper or shoplifter: Origins of the browser part 1, ITProPortal
5/8/2018	Build security into software up front: Believe it or not, it’s cheaper and faster, helpnetsecurity
4/10/2018	Cyber Expert Defines CISO ‘Tribes,’ Talks Software Life Cycle, Cyber Security Hub
4/10/2018	Task Force 7 Radio, episode 27 (starts 18:30), TF7Radio
3/21/2018	The State of SecOps 2018: Your security team matters most, Techbeacon
2/28/2018	The State of Application Penetration Testing, darkreading
2/8/2018	AutoSploit: Making Massive Cyber Attacks Too Easy?, eSecurityPlanet
2/1/2018	Software security measuring stick takes off, but is it all that?, TechBeacon
1/30/2018	Collective Intelligence Podcast, Episode 1 Gary McGraw, Collective Intelligence Podcast
1/17/2018	Two-year study explores the roles of information security leaders and how they are affected by organizational dynamics, Electronics Media
1/12/2018	The Week In Review: Design, Semiconductor Engineering
1/17/2018	Which CISO ‘Tribe’ Do You Belong To?, Dark Reading

2017

12/22/2017	Predictions A – Z for 2018 – Dystopian or Utopian dawn?, SC Media UK
12/21/2017	Looking ahead in 2018 – Software integrity, automation and skills upgrading, FintechAsia
11/13/2017	With eroding perimeters, will software defend against cyber threats?, Medium
11/1/2017	US government wants “keys under doormat” approach to encryption, Naked Security
10/31/2017	Leukemia Cup: Celebrating 25 years of service, Scuttlebutt Sailing News
10/18/2017	SingCERT issues recommendations to enhance security of Wi-Fi systems in Singapore, Connected to India
10/18/2017	SingCERT recommends steps to secure Wi-Fi networks, International Business Times
10/18/2017	All Wi-Fi at Risk from Krack Attack, BW CI World
10/17/2017	Major Wi-Fi security flaw affects billions worldwide, including almost every Internet user in Singapore, The Business Times (Singapore)
10/17/2017	Hacks, Electronics Weekly
10/17/2017	WPA2 weakness means that every modern Wi-Fi network may be subject to attack, Continuity Central
10/17/2017	How to protect your Wi-Fi network from a Krack attack, Computer Weekly
10/17/2017	Major Wi-Fi security flaws affect billions worldwide, including almost every Internet user in Singapore, The Straits Times (Singapore)
10/5/2017	Russian Hackers Pilfered Data from NSA Contractor’s Home Computer: Report, Darkreading
10/5/2017	Fighting the cyber war in the digital age, What Investment
9/29/2017	Fighting the cyber war in the digital age, Information Age
9/21/2017	GARY MCGRAW ON BSIMM8 AND SOFTWARE SECURITY, ThreatPost Podcast
9/21/2017	Benchmarking Critical Exercise in Early Stages of Software Security: BSIMM8, darkreading
9/21/2017	Software Security Maturity Ticks Upward in 2017, InfoSecurity Group
9/21/2017	New security data from Synopsys, cloud trends from DigitalOcean and a new APM tool from ZeroTurnaround — SD Times News Digest: September 21, 2017, SD Times
9/21/2017	BSIMM8 Study Reinforces Benchmarking as a Critical Exercise in Early Stages of Software Security Initiatives, Business Insider
9/21/2017	Never too early: Synopsys’ BSIMM8 study champions benchmarking in the early stages of Software Security Initiatives, IT Security Guru
9/20/2017	CLOUD-FOCUSED FIRMS EARN HIGH MARKS FOR SOFTWARE SECURITY IN BSIMM8 REPORT, ThreatPost
9/12/2017	The three big questions Equifax hasn’t answered, Craig Timberg in the Washington Post
9/8/2017	Equifax data breach affects up to 143 million US consumers, Information Age
9/8/2017	Web App vulnerability enables Equifax breach affecting up to 143m in US, SC Media
9/8/2017	143 million could be affected by Equifax database hack, Mortgage Finance Gazette
8/7/2017	Congress looks to take the wheel on autonomous vehicles, Naked Security by Sophos
4/25/2017	APPSEC CA 2017 INTERVIEW – Gary McGraw, OWASP video
4/21/2017	Episode 44: Gary McGraw Knows Software Security, The Impact Podcast \| Tech Trends for Entrepreneurs
4/3/2017	Free learning resources and tools for security savvy developers, SDTimes
3/21/2017	Q&A: Technology Expert AND UVa Grad Gary McGraw Talks Cybersecurity, UVA Today
3/1/2017	On the Wire Podcast: Gary McGraw, Heard On The Wire Podcast with Dennis Fisher
2/17/2017	What hackers can learn from Frank Zappa and T.C. Boyle, The Parralax
2/13/2017	GARY MCGRAW: SECURITY IS HARD WORK, Cyber Security Interviews podcast episode 13
2/12/2017	ITSPmagazine chats with Gary McGraw, Cigital CTO during AppSec California, ITSP Magazine, video

2016

10/12/2016	Gary MCGraw on BSIMM7 and Secure Software Development, ThreatPost Podcast
10/11/2016	BSIMM7: Older then, younger now, CSOonline
10/6/2016	Taking down the internet: possible but how probable?, CSOonline
10/4/2016	BSIMM Shows Secure Software Development Making Inroads, darkreading
10/4/2016	Cigital’s BSIMM7 finds new industries taking on security challenges, SDTimes
10/4/2016	CLOUD, IOT BIG FACTORS IN ANNUAL BSIMM 7 REPORT, ThreatPost
07/13/2016	OCR’s HIPAA guidance on ransomware puts pressure on providers, Health Data Management
07/12/2016	Killing the password: FIDO says long journey will be worth it, CSO
05/24/2016	McGraw, Lohrmann, Stiennon Talk About How Washington Needs To Focus On Building Better Cyber Defenses, M2 TechCast
04/18/2016	Hack the Pentagon: Better if DoD made its systems secure in the first place, RT
04/11/2016	Some skeptical of Defense Department’s Hack the Pentagon pilot, San Francisco Chronicle
04/05/2016	5 Ways Cyber Experts Think the FBI Might Have Hacked the San Bernardino iPhone, IEEE Spectrum.
03/12/2016	Who Are the Bad Guys and What Do They Want?, O’Reilly.
03/02/2016	SSL ‘DROWNs’ In Yet Another Serious Security Flaw, darkreading.
02/09/2016	Medical Device, Health Care Security Continues to Ail, threatpost.
02/09/2016	Perspectives on the State of Software Security with Dr. Gary McGraw, IEEE Cyber Security.
02/03/2016	CERT Podcast Interview: Building Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations, CERT.
01/05/2016	Microsoft’s New Security Approach, Redmond Magazine.
01/05/2016	The worst languages for app security bugs (and how to fix them), TechBeacon.

2015

12/24/2015	Juniper firewall backdoors add fuel to encryption debate, Tech Target.
12/23/2015	Listen up, FBI: Juniper code shows the problem with backdoors, InfoWorld.
12/31/2015	2015: Security remains a stepchild, SD Times.
12/28/2015	Facing the future of software testing one change at a time, Tech Target.
12/13/2015	The Price of the Wearable Craze: Less Data Security, NBC News.
12/08/2015	Auto Cash Management newsletter.
11/24/2015	BSIMM’s Data-driven Approach to Software Security, eSecurity Planet.
11/23/2015	SAFECode Releases Framework For Assessing Security of Software, DarkReading.
11/16/2015	Ted Koppel: Apocalypse likely, CSO.
11/10/2015	Adobe Flash Bug Discovery Leads To New Attack Mitigation Method, Dark Reading.
11/09/2015	Healthcare In Last Place According To Security Maturity Model, BusinessSolutions.
10/31/2015	Tough and Tougher: IoT Security and Privacy, Iot-Inc.
10/28/2015	Gary McGraw on BSIMM6 and Software Security, Threatpost.
10/22/2015	Healthcare organisations fall short on software security, Techcentral.
10/21/2015	Health care orgs fall short on software security, MIS-Asia.
10/21/2015	Security information sharing gets even bigger with BSIMM6, MIS-Asia.
10/21/2015	Healthcare has ‘plenty to learn from other industries’ about software security, CMIO.
10/20/2015	Healthcare Security Benchmarked for First Time, Health Data Management.
10/20/2015	Measuring Secure Software Maturity, Forbes.
10/20/2015	Health care orgs fall short on software security, InfoWorld.
10/19/2015	Security Capability Engineering, 1 Raindrop.
10/19/2015	New study shows healthcare lagging behind in software security, Health Management Technology.
10/19/2015	No more guessing how your appSec ranks against your peers, Linkedin.
10/19/2015	HIPAA Not Helping’: Healthcare’s Software Security Lagging, Darkreading.
10/19/2015	Latest BSIMM Data Puts Health Care Back of the Pack, Threatpost.
10/19/2015	Cigital’s BSIMM6 finds software security lagging in industry, SD Times.
10/2/2015	EMV sets the stage for a better payment future, Network World.
10/2/2015	EMV sets the stage for a better payment future, InfoWorld.
9/22/2015	Free Tool Helps Companies Measure And Map Their Bug Reporting Programs, Dark Reading.
9/14/2015	We can still ‘Nail’ security in the IoT, Computer World.
9/11/2015	Gary McGraw on Scalable Software Security and Medical Device Security, Threatpost.
6/22/2015	Net of Insecurity: A disaster foretold and ignored, The Washington Post.
5/22/2015	Is security really stuck in the Dark Ages?, CSO Online.
5/21/2015	RSA 2015 -Gary McGraw Part 3: Internet of Things, Tech Target
5/21/2015	RSA 2015 – Gary McGraw Part 2: Cover your Portfolio (3D), Tech Target.
5/21/2015	RSA 2015 – Gary McGraw Part 1: IEEE CSD, Tech Target.
4/10/2015	Calls to make software designers liable for security weakness, Financial Times.
4/8/2015	Implantable Devices: Medical Devices Open to Cyber Threats, Risk & Insurance.
4/1/2015	Zone of protection: Hacker havens, SC Magazine.
3/30/2015	Meet the Bitter Liberals, Style Weekly.
2/24/2015	If you could go back in time…, CSO Online.
2/23/2015	RASP helps apps protect themselves, but is it ready for the enterprise?, Search CIO.
2/12/2015	Report: Microsoft packing more patches into fewer bulletins, CSO Online.
2/10/2015	Tracing cyber attacks: More than a game of Clue, IT World Canada.
2/9/2015	Whodunit? In cybercrime, attribution is not easy, CSO Online.
2/2/2015	28: Securing our Web Applications, The Web Platform Podcast.
2/1/2015	Software Security – A Study in Technology Transfer, InfoQ.
1/12/2015	2015 Enterprise Dev Predictions, Part 2: Convergence, Security, Automation and Analytics, ADT

2014

12/3/2014	Don’t Expect A Physical Threat From Iranian Cyberwarriors Anytime Soon, Nextgov.
11/11/2014	Does your system design eliminate the top 10 software security flaws?, Search Security.
9/19/2014	OWASP AppSecUSA 2014 – Keynote: Gary McGraw – BSIMM: A Decade of Software Security
9/4/2014	The Myth Of The Private Naked Selfie, NPR.
9/3/2014	Gary McGraw on the IEEE Center for Secure Design, Threatpost.
9/2/2014	IEEE: Top Ten Software Security Design Flaws, Dr. Dobb’s.
9/2/2014	Bugs Are Bad, But So Are Flaws: IEEE Sponsors Center for Secure Design, ADT Mag.
8/29/2014	IEEE Computer Society shares top security design flaws, SC Magazine.
8/29/2014	Focus is on software security design flaws, Information Security Soultions. RIP
8/29/2014	Focus is on software security design flaws, Datacentre Solutions. RIP
8/28/2014	The IEEE Center for Secure Design Reveals Top Ten Most Significant Software Security Design Flaws, Information Security Buzz.
8/28/2014	IEEE Guides Software Architects Toward Secure Software Design, Threatpost.
8/28/2014	IEEE reveals Top 10 software security design flaws (and how to avoid them), SD Times.
8/27/2014	IEEE Report Reveals Top 10 Software Security Design Flaws, Security Week.
8/27/2014	The top 10 security software design flaws and how to avoid them, Betanews.
8/27/2014	Google, Twitter and HP take the fight to the world’s top security flaws, ITProPortal.
8/27/2014	Google, Twitter, Intel and Others Form IEEE’s Software Design Center, InfoSecurity Magazine.
8/27/2014	Developers, Academia Team Up on Manual for Secure Software Design, eWeek.
8/27/2014	10 Common Software Security Design Flaws, Dark Reading.
8/27/2014	10 most significant software security design flaws, Help Net Security.
8/27/2014	Security experts identify top 10 software design flaws, ComputerWeekly.
8/27/2014	IEEE Center for Secure Design wants tech industry to stop ‘doing dumb stuff’, TechWorld.
8/13/2014	Yes, medical device security is lousy – so what?, NetworkWorld.
8/13/2014	Yes, medical device security is lousy – so what?, CSO.
8/7/2014	CSG Invotas Names Gary McGraw to Advisory Board, MarketWatch.
8/2/2014	What’s Bugging Cigital on Security Analysis of Medical Devices, Archimedes Research Center for Medical Device Security.
7/29/2014	New Cybersecurity Primer by the Center for a New American Security, Just Security.
7/29/2014	Security is Front and Center for Developers, SD Times.
7/24/2014	Some Things Should be Banned from the Internet of Things, Nextgov.
7/22/2014	Evaluate Aspiring Cyberwarriors Using Gaming, Not Grades, Nextgov.
7/21/2014	Living with Cyber Insecurity: Reducing the National Security Risks of America’s Cyber Dependencies, Lawfare.
6/10/2014	Security Survey Reflects Awareness, but Little Action on New Threats, The Wall Street Journal – CIO Journal.
5/28/2014	Report: Health-Care Sector Ranks Below Retail in Cybersecurity, The Wall Street Journal – CIO Journal.
5/7/2014	BSIMM and Building Software More Securely, BBC Radio. RIP
5/6/2014	Open Source: Thin Line Between Collaboration, ‘Chaos’, The Wall Street Journal – CIO Journal.
5/6/2014	The Morning Download: Patching Open Source Software Involves ‘Chaos’, The Wall Street Journal – CIO Journal.
4/11/2014	Here are the options with Heartbleed-flawed networking gear (Hint: there aren’t many), CSO.
4/08/2014	Microsoft XP’s massive cybersecurity problem, Politico.
3/21/2014	Episode 366: Interview with Gary McGraw, Security Weekly TV.
3/15/2014	Bug Parades, Zombies, and the BSIMM: A Decade of Software Security, Keynote Presentation at Booster Con.
3/13/2014	Google Glass: Evil by design? En kort reflektion fran Booster, inuseful.
3/11/2014	Bad Ads Outstrip Porn as Mobile Phone Infection Vectors, TechNewsWorld.
3/07/2014	Descending Into the Maelstrom – Notes on RSA Conference 2014, Carnegie Mellon CyBlog.
2/22/2014	Time for Enterprise IT to declare defeat in the Security war?, HP Discover Performance Weekly.
2/20/2014	Microsoft Goes Live with Office 365 Message Encryption, Redmond Magazine.
2/07/2014	Cyber War, Cyber Peace, Stones, and Glass Houses, James Madison University Distinguished Lecture.
1/23/2014	Why smart users are the key to secure online banking, CSO.
1/14/2014	The RSA Conference boycott is nonsense, Computerworld.
1/09/2014	After Snowden, Computerworld.

2013

12/09/2013	DevOps and Application Security: People You Need to Know, Trusted Software Alliance.
11/13/2013	Healthcare.gov will eventually be functional, but how secure?, CSO.
11/05/2013	Long live perimeter security, CSO.
11/04/2013	5 Obamacare Website Failures That Could Have Been Avoided, CRN.
11/01/2013	Gary McGraw on BSIMM-V and Software Security, Threatpost.
11/01/2013	Cigital boosts latest BSIMM software security tool with expanded list of firms, Techworld.
11/01/2013	BSIMM-V: Software Security is Becoming Mainstream, EMC Product Security Blog.
10/30/2013	BSIMM Advancing Software Security, eSecurity Planet.
10/30/2013	Building Security In Maturity Model: Version 5 Released, Infosecurity Magazine.
10/30/2013	Software Security Maturity Plods Along, Dark Reading.
10/30/2013	BSIMM-V Examines Software Security Practices of 270,000 Developers, SecurityWeek.
10/10/2013	Gary McGraw featured on The Price of Business, The Price of Business with Kevin Price.
10/01/2013	Dulles’ Cigital Gets $50 Million Payday to Buy Off Early Investors, Expand, InTheCapital.
10/01/2013	Preview of ‘Why Is Software Still So Bad?’ Event in Atlanta, Results Matter Radio.
10/01/2013	Cigital Making A Move To Atlanta, AJC Tech Biz.
10/01/2013	Cigital Secures $50M Investment from LLR Partners, Cigital.com.
10/01/2013	Shattered Trust: IT Survey Shows PRISM Allegations Have Brought Cloud Misgivings, Redmond Magazine.
09/28/2013	International Tech Company Bullish on Bloomington, Inside INdiana Business Television.
09/17/2013	HP Protect 2013 Keynote: “Bug Parades, Zombies, and the BSIMM: A decade of software security”, HP Protect 2013.
09/17/2013	HP Protect 2013 keynote interview with Dr. Gary McGraw, HP Protect 2013.
09/15/2013	Is cyberwar really war?, The Boston Globe.
08/28/2013	Gary McGraw – Security and the Complexity of Today’s Software, Trusted Software Security Alliance – 50 in 50 Interview Series.
08/23/2013	How to close the IT security skills gap, HP – Discover Performance. RIP
08/06/2013	The Inside Story with Gary McGraw, IEEE Computer Society.
07/23/2013	Senators pushing business-backed cybersecurity bill, The Washington Times.
07/23/2013	Kelly Services CIO Emphasizes Cybersecurity, Wall Street Journal CIO Report.
07/14/2013	BSIMM, Embedded Controls, and More with Gary McGraw, Tech Talk With Craig Peterson. RIP
07/04/2013	Hacking competitions seek cybersecurity superstars, BBC News.
06/17/2013	Why we can’t stop malicious insiders, CSO.
06/17/2013	NSA data collection programs demand discussion, scrutiny, SearchSecurity.
06/07/2013	Indiana University Alumni Spotlight: Dr. Gary McGraw, Indiana University Cognitive Science News.
04/25/2013	Indiana University School of Informatics Career Achievement Award: Gary E. McGraw
04/22/2013	Chinese Hackers, ‘Active Defense’ and Other Bad Ideas, Information Security.
04/15/2013	How I Got Here: Gary McGraw, Threatpost.
04/11/2013	Use VBSIMM software security model when buying software, SearchSecurity.
04/08/2013	Mobile app security issues demand trustworthy computing, SearchSecurity.
03/21/2013	Flaw Leaves EA Origin Platform Users Open to Attack, Threatpost.
03/19/2013	America’s cyber war weak spot, Reuters.
03/12/2013	Gary McGraw on evolution of BSIMM maturity framework, SearchSecurity.
03/08/2013	Zombies and the BSIMM: A Decade of Software Security, RSA Conference 2013.
03/08/2013	Mobile app security issues demand trustworthy computing, SearchSecurity.
03/07/2013	Managing Security Risk, the CSO Panel at RSA, Computing Now – IEEE Computer Society.
03/05/2013	CISO Panel: Speaking Klingon to Captain Kirk, Application Development Trends.
03/05/2013	Despite Latest Threats, Microsoft’s Cyber Czar Optimistic About IT Security, Redmond.
02/22/2013	Everyone knew what China was doing — now what?, InfoWorld.
02/19/2013	Chinese Army link to hack no reason for cyberwar, CSO.
02/06/2013	2013 Challenges for Developers, Part III: Future Challenges, Application Development Trends.
01/29/2013	Pentagon hiring binge won’t guarantee more security, CSO.
01/22/2013	Deb Shinder’s Blog: Thirteen principles to ensure enterprise system security, WindowSecurity.com. RIP
01/10/2013	While the cyber war tail wags the national security dog, software security offers a different path to cyber peace, CSO.

2012

12/21/2012	Will BSIMM 4 Improve Software Security?, InternetNews.com.
12/20/2012	Software Security: BSIMM’s Holistic Approach, eSecurityPlanet.
12/20/2012	BSIMM’s gift: The 12 security days of Christmas, CSO.
12/20/2012	BSIMM’s gift: The 12 security days of Christmas, PC Advisor.
12/18/2012	HP sheds light on enterprise giants’ security know-how, V3.co.uk.
12/14/2012	Smart TV hack highlights risk of ‘The Internet of Everything’, CSO.
12/11/2012	The cyberwar doctrine debate: Meaningful without international sign on?, Network World.
12/03/2012	Gary McGraw gives industry overview during Dean’s Lecuture Series, RIT College of Computing and Information Sciences blog. RIP
11/29/2012	Software security expert visits local school, Democrat and Chonicle. RIP
11/15/2012	Fidelity Invests In Secure Software Development, Dark Reading.
11/13/2012	Gary McGraw on Cyberwar and the Folly of Hoarding Cyber-Rocks, Threatpost.
11/13/2012	Cyber War, Peace, Tomorrow, Kings of War Blog.
11/08/2012	Gary McGraw on National Cybersecurity, Schneier on Security Blog.
11/08/2012	Gary McGraw on proactive defense, offensive security, IT Knowledge Exchange.
11/07/2012	Security experts push back at ‘Cyber Pearl Harbor’ warning, CSO Online.
11/01/2012	Around the Web: Proactive defense prudent alternative to cyberwarfare, InformationWeek.
10/19/2012	Kaspersky’s Exploit-Proof OS Leaves Security Experts Skeptical, Slashdot.
10/18/2012	Kaspersky’s exploit-proof OS leaves security experts skeptical, CSO Online.
09/26/2012	Bank Cyberattacks Underscore Need for Security Processes, Wall Street Journal: CIO Journal.
09/26/2012	Gary McGraw on the BSIMM4 and How to Avoid Being the Slowest Zebra, threatpost.
09/25/2012	Desktop security software gets proactive with application sandboxing, Search Enterprise Desktop.
09/25/2012	BSIMM4 Released; If You Are Not Part of the Solution, Well Then…, CyBlog.
09/21/2012	Launching An IAM Project: Where To Start, Dark Reading.
09/19/2012	Bromium secures computers by holding apps in isolation, cnet.
09/18/2012	New BSIMM Provides Measuring Stick for Secure Application Development Programs, SecurityWeek.
09/18/2012	BSIMM4 Release Expands Software Security Measurement Tool And Describes New Activities, Dark Reading.
09/18/2012	BSIMM4 Release Expands Software Security Measurement Tool and Describes New Activities, Minded Security Blog.
09/18/2012	The BSIMM Nouveau Has Arrived, EMC^2 Product Security Blog.
09/18/2012	BSIMM4 gets bigger, better, CSO Online.
09/18/2012	BSIMM4 launches today, CSO Online.
08/31/2012	Oft-cited cybercrime cost estimates hosed down, CSO Online.
07/25/2012	London Olympics officials prepare for cyber attacks, Los Angeles Times.
07/09/2012	Black hat vs white hat – the fight for the London 2012 Olympics, Computer World UK.
06/19/2012	Cloud computing pros and cons for security, SearchCloudSecurity.
06/07/2012	The Morning Download: How Government Apps Could Kill Your Business, CIO Journal (WSJ)
06/07/2012	The End of the Password as We Know It, The Atlantic Wire.
06/06/2012	LinkedIn Password Breach Illustrates Endemic Security Issue, CIO Journal (WSJ).
05/31/2012	Flame Puts Heat on Corporate IT Security, The Wall Street Journal.
05/31/2012	U.S. companies, government not likely burned by Flame, CSO.
05/30/2012	The Morning Download: Flame Raises Cloud Security Issues, The Wall Street Journal.
05/30/2012	‘Flame’ malware burns through cyberspace, Marketplace (NPR).
05/29/2012	CIOs Should See Flame as a Call to Arms, CIO Journal (WSJ).
05/15/2012	Public vs. private cyberattack responsibility debate heats up, CSO Australia.
05/09/2012	What’s in a name? Azure branding confusion and the meaning of ‘badware’, TechTarget.
05/03/2012	Could ‘bullet time’ stop a cyberattack?, Network World.
05/01/2012	The “Oceans 11” of Cyber Strikes, Brookings.
04/27/2012	Anonymous Hacker Anonw0rmer: Unmasked By Embedded Data, Not Girlfriend’s Breasts, International Business Times.
04/27/2012	McGraw wants cyber security shift, The Dartmouth.
04/26/2012	Embedded data, not breasts, brought down hacker, ComputerWorld.
04/25/2012	Will Obama preside over the coming of Big Brother?, ComputerWorld.
04/15/2012	Will we trade freedom for application security?, Network World.
03/23/12	Attacks in Android’s side-view mirror are smaller than they appear, CSO.
03/03/12	Why the security industry never actually makes us secure, CNET.
02/28/12	Government and Private Industry Experts to Speak on Innovation and Technology Transfer at IEEE Security & Privacy Magazine Panel at RSA 2012, PRWeb.
02/15/12	Romanian police arrest alleged hacker in Pentagon, NASA breaches, CSO.
02/14/12	13 security myths you’ll hear — but should you believe?, Network World.
01/26/12	Software [In]security: vBSIMM Take Two (BSIMM for Vendors Revised), informIT.
01/19/12	Pentagon-funded games would crowdsource weapons testing, Nextgov.
01/12/12	Microsoft security–you’ve come a long way, baby, Cnet.
01/10/12	White House Launches Electric Industry Security Maturity Model Program, threatpost.

2011

12/26/11	Software [In]security: BSIMM versus SAFECode and Other Kaiju Cinema, informIT.
12/21/11	Will Kim Jong Un be for cyberwarfare what his dad was for nukes?, CSO.
11/30/11	Software [In]security: Third-Party Software and Security, InformIT.
11/27/11	In 2012, a mobile security minefield, CSO Online.
10/31/11	Software [In]security: Software Security Training , InformIT.
10/26/11	Web application risks exacerbated by social media ties, says ISACA, SearchSecurity.com.
10/07/11	Security Upgrades Needed With Growing Cyberwar Threats, PCWorld.
10/04/11	Developing IT risk management decision-making criteria an ongoing challenge, SearchSecurity.com.
09/30/11	SAFECode and the BSIMM: Two Paths to a Common Goal, SAFECode blog.
09/30/11	BSIMM3 Continues To Add Real-World Data to Security Maturity Model , Application Development Trends.
09/29/11	New BSIMM3 Guide Provides New Data On Secure Software Development, OnlySoftwareBlog.
09/29/11	New BSIMM3 Guide Provides New Data On Secure Software Development, DarkReading.
09/28/11	Multi-year study of real-world software security initiatives, Help Net Security.
09/28/11	Gary McGraw on the BSIMM3 Data Release, Threatpost.
09/27/11	BSIMM3 launches today, CSO Online.
09/27/11	BSIMM3 Released: “An Excellent Tool for Devising a Software Security Strategy” , CyBlog.
09/27/11	Software [In]security: BSIMM3, InformIT.
09/27/11	BSIMM3 Release Doubles Software Security Measurement Data and Includes Measurements Over Time, Global Security Mag.
09/27/11	A Secure Software Development Lifecycle Model Matures, DeviceLine Blog.
09/27/11	A Secure Software Model Matures, Forbes.com.
09/27/11	Cigital BSIMM 3 study provides software security metrics data, SearchSecurity.com.
09/13/11	The Past, Present and Future of Software Security, Threatpost.
09/13/11	The Rise of Software Security, Slashdot.
08/03/11	New Microsoft BlueHat Prize offers $250,000 for security innovation, SearchSecurity.com.
08/02/11	Report on ‘Operation Shady RAT’ identifies widespread cyber-spying, Washington Post.
07/21/11	Software [In]security: Software Security Zombies, InformIT.
07/07/11	Simple Isn’t Simple, Darkreading.com.
06/10/11	Secure coding news flash: BSIMM3 coming in August, CSO Online.
06/08/11	Banks replace SecurID tokens, FierceCIO.
06/07/11	Cigital acquires Consciere, brings in security vets, SearchSecurity.com.
06/07/11	RSA Faces Angry Users After Breach, New York Times.
06/02/11	While U.S. Plots Cyber Strategy, Experts See Obstacles Ahead, Threatpost.
05/30/11	Software [In]security: Computer Security and International Norms, InformIT.
04/21/11	Register for May 17 IEEE Computer Society Software Experts Summit, Digital Journal.
04/12/11	Software [In]security: vBSIMM (BSIMM for Vendors), InformIT .
04/01/11	Marcus Ranum and Gary McGraw talk about software security issues, Security.
03/31/11	Microsoft Cites Progress in SDL Report, Advocates More Adoption of ASLR, DEP, Threatpost.
03/30/11	Most Windows Applications Use Microsoft’s DEP, DarkReading.
03/30/11	Microsoft cites software security progress despite sluggish ASLR support, SearchSecurity.com.
03/22/11	Software [In]security: Modern Malware, InformIT.
03/15/11	How to Mine Customer Data the Right Way, PCWorld.
03/14/11	BSIMM’s European Tour, Application Development Trends.
03/14/11	Industry groups, businesses attempt security awareness training plan, SearchSecurity.com.
03/09/11	Keynote Speakers Announced for May 17 Software Experts Summit in Silicon Valley, Digital Journal.
02/16/11	IEEE Security & Privacy Cyberwar Panel at RSA Conference 2011, Computing Now.
02/09/11	Hotel Technology Event to Feature Top Speakers and Issues, Hospitality.net – Industry News.
02/08/11	New Funding, New Website, New Research, Dasient Blog.
02/08/11	Advanced Persistent Threat: Industrial Strength Hacking, Expert Voices Speaker Series. RIP
02/04/11	Real Cyber Warfare: Carr’s Top Five Picks, Forbes.com.
01/25/11	Social Networking: Keeping It Clean, The Journal.
01/09/11	Security Awareness and Embedded Software, Making Life Easier – Ronald Landheer-Cieslak Blog.
01/01/11	Old information security challenges persist, SearchSecurity.com.

2010

12/15/10	Security expert suggests demilitarizing cybersecurity, ZDNet.
12/14/10	Cracks in cyber security reveal gaping holes in our digital defenses, TechJournal South .
12/02/10	Talk of Cyber War: What is It Good for? Absolutely Nothing, Experts Say, The New New Internet (TNNI).
12/02/10	Wikileaks: Uncle Sam Was Warned, Threatpost. RIP
12/01/10	Demilitarizing cybersecurity (Q&A), CNET.
12/01/10	McGraw and Arce on Cyberwar, 1 Raindrop.
11/30/10	Gary McGraw on Cyber War, Cyber FUD and Rhetoric, Threatpost.
11/30/10	Expert: BSIMM Can Help Enterprises Build Secure App Development Processes, DarkReading.
11/26/10	Sky News, Stuxnet and the End of the World, ComputerWeekly.com.
10/12/10	PCI Compliance Means Getting Your App Security Together , DarkReading.
10/05/10	Stuxnet: Fact vs. theory, CNET.
10/01/10	Defending Against Stuxnet Type Threats, Invincea.
09/28/10	All About Stuxnet, Six Lines blog.
09/28/10	How to Develop More Secure Software – Practices from Thirty Organizations, CERT podcast.
09/27/10	Stuxnet: An important change in the national security landscape, CTOvision.com.
09/23/10	Stuxnet Heralds New Generation of Targeted Attacks , DarkReading.
09/22/10	Most Third-Party Software Fails Security Tests, DarkReading.
09/10/10	What Adobe could learn from The Flying Wallendas, The Register.
09/01/10	It’s time to change… but how?, SDTimes.
09/01/10	Hack-Proof Dream?, ABA Journal.
08/23/10	Bejtlich on Silver Bullet Podcast, TaoSecurity.
08/18/10	HP’s Fortify Buyout Numbers Tell Lucrative Story For Software Security, Forbes.
08/17/10	HP’s Fortify Acquisition: More Validation of Security in the App Dev Lifecycle, Application Development Trends.
08/17/10	Secure software Experts say it’s no longer a pipe, gagsandgiggles.com blog. RIP
08/06/10	Real-World Software Security, Dr. Dobb’s.
06/20/10	Cyber War: Hype or Consequences?, UGN InfoManager.
06/09/10	McGraw’s Advice to Programmers, Dr. InfoSec™ Blog.
06/07/10	Open-Source Could Mean an Open Door for Hackers, Technology by MIT Review.
05/20/10	Staff prefer Facebook to pay rises, says report, ComputerWorld UK.
05/17/10	Gary McGraw on software security research, SearchSecurity.com – Security Wire Weekly.
05/13/10	Cigital expands software security model, includes data from 30 major firms, SearchSecurity.com.
05/13/10	Real-world data on software security initiatives, Help Net Security.
05/12/10	Leading Software Security Maturity Model Triples to Include More Real-World Data on Real Software Security Initiatives , EarthTimes.
05/12/10	Building Security In Maturity Model gets an Update, ComputerWeekly.com.
05/12/10	Gary McGraw on BSIMM2, Software Security and Cargo Cult Science, Threatpost.
05/12/10	Justice League – BSIMM2, My Security Planet Blog.
05/12/10	Evolving Rapidly, BSIMM2 Offers Key Elements of Successful Software Security Initiatives Shared by 30 Major Corporations, CyBlog: Security, Privacy and Mobility in the Information Age.
05/12/10	Gary McGraw on Developing Secure Software (Q&A), CNET.
05/12/10	Product Watch: ‘Measuring Stick’ For Software Security Gets An Update , DarkReading.
05/12/10	SAFECode and BSIMM: A Powerful Combination in the Work to Improve Software Security, SAFECode blog. RIP
05/12/10	Measuring Software Security: BSIMM2 and Beyond, eSecurity Planet.
05/12/10	BSIMM2: Look Left, Look Right, GEEKONOMICS. RIP
05/12/10	[WEB SECURITY] BSIMM2, Web Application Security Consortium .
05/12/10	New BSIMM report released…, MSDN blog. RIP
05/05/10	How Bad Assumptions Are Making Software Less Secure, Forbes.
05/01/10	The Debate Over Social Media at the Office, Entrepreneur Magazine.
04/22/10	Hackers and Social Networking: A Love Story, TechNewsWorld.
04/09/10	Securing the smart grid, cnet.
04/01/10	Game developers battle cheaters in a virtual world, Orlando Sentinel.
04/01/10	OWASP Top 10 vulnerabilities list adds risk to equation, Information Security Magazine.
03/31/10	Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods, DarkReading.
03/27/10	Pokerstars RNG Certified, RecentPoker.com.
03/24/10	Promoting the CS at trade shows, Inside the Computer Society (IEEE Computer Society).
03/18/10	Warren Axelrod on Banking Information Security Exclusive Interview on Trends, Threats and Priorities, BankInfoSecurity.
03/07/10	Exploiting Online Games: Cheating Massively Distributed Systems, Blizz Hackers blog.
03/04/10	How a process model can help bring security into software development, Government Computer News.
03/02/10	RSA 2010: Lifestyle Hacking — Notes on “Social Networks & Gen Y Meet Security & Privacy”, CyBlog.
03/02/10	Hot topic at RSA: The pitfalls and promise of social networking, Infosecurity.
02/23/10	Sprechen Sie SSL?, News from the Lab.
02/19/10	Proposal Would Hold Software Developers Accountable For Security Bugs, InformationWeek.
02/18/10	New York State holds software developers accountable, Infosecurity.
02/18/10	Infrastructure vs. Application Security Spending, Jeremiah Grossman.
02/18/10	Legal Liability For Faulty Code, Mark Hess’ Behind The Lines.
02/17/10	Morning Security Brief: Cyberdisaster Exercise, Software Security, Pandemic Tools, and More, Security Management.
02/16/10	Group Proposes Suits Over Faulty Code, Gov Info Security.
02/16/10	SANS Institute, MITRE release new top 25 dangerous coding errors list, SearchSecurity.com.
02/16/10	Top 25 Programming Errors: Should Software Developers be Liable?, Bank Info Security.
02/16/10	Hold vendors liable for buggy software, group says, Computer World.
02/16/10	25 ways to better secure software from cyber attacks, Scientific American Observations.
02/16/10	Security agencies release Top 25 programming errors, Washington Technology.
02/16/10	Proposal Would Hold Software Developers Accountable For Security Bugs, Dark Reading.
02/16/10	Hold Vendors Liable for Buggy Software, Group Says, CIO.
02/12/10	Improving software with the Building Security in Maturity Model (BSIMM), SearchSecurity.com.
02/09/10	Microsoft, Google split over browser bug bounty, Insecurity Complex (cnet news).
02/03/10	DHS Takes Steps In The Right Direction, Gartner Blog Network.
02/01/10	In their words: Experts weigh in on Mac vs. PC security, Insecurity Complex (cnet news).
01/28/10	BSIMM: A Descriptive Model of Software Security, good code. RIP
01/27/10	David Rice on Silver Bullet Security Podcast with Gary McGraw, Geekonomics. RIP
01/26/10	Books you need to buy 3, Rock’n’Roll Programming.
01/21/10	Special Webcast: The Impact of BSI-MM in Software Development Programs, GEEKONOMICS. RIP
01/20/10	The Building Security In Maturity Model, CERIAS Security Seminar Podcast.
01/18/10	SANS Application Security Summit 2010, GEEKONOMICS. RIP
01/04/10	Software Security – An interview with Dr. Gary McGraw, Imperva Security Podcasts.

2008 - 2009

12/31/09	Building Security In Maturity Model, RiskPundit.
12/30/09	The All-Decade Interview Team, threatpost.
12/30/09	Fun Reading on Security and Compliance #22, Anton Chuvakin Blog – “Security Warrior”.
12/28/09	Web Application Security Podcasts, Secweb.nerd.it blog.
12/23/09	Exploiting Online Games: Cheating Massively Distributed Systems, Security Reading Room Blog. RIP
12/15/09	SANS Institute to Host First Annual Application Security Focused Event and Summit, JAVA Developer’s Journal. RIP
12/13/09	Coding gems 11-20, Confessions of a Chief Home Officer.
12/01/09	Silver Bullet Talks with Fred Schneider, IEEE SECURITY & PRIVACY.
11/23/09	looking out for lifestyle hackers in the workplace, terminal 23. RIP
11/18/09	Bring Your Computer to Work Day?, 1 Raindrop.
11/13/09	Best practices in information security, Continuity Central. RIP
11/13/09	Interested in application (code) security?, Bloor. RIP
11/12/09	Fortify Software: New Study Provides Real-World Data on Leading Software Security Initiatives in Europe, TradingMarkets.com. RIP
11/12/09	Differences between EU and US attitudes to application security detailed in new report, SC Magazine.
11/12/09	Cigital, Fortify tailor security model for Europe, SD Times. RIP
11/12/09	New Study Provides Real-World Data on Leading Software Security Initiatives in Europe; First-ever European Maturity Model Details Success of SWIFT, Nokia and others, TMCnet.com.
11/11/09	Real-world data on software security initiatives, Help Net Security.
11/11/09	BSIMM Europe, Minded Security Blog.
11/11/09	BSIMM Europe, Off by On.
11/10/09	Hot-or-Not session over software security, Beveiliging Nieuws.
11/10/09	From Biometrics to BSIMM , & “50 Hurricanes Hitting At Once!” — A Report on the Sixth Annual Partners Conference, CyBlog: Security, Privacy and Mobility in the Information Age.
11/06/09	Gary McGraw on Software Security, the BSIMM Model and Critical Thinking, Digital Underground podcast.
11/06/09	Gary McGraw on Software Security, the BSIMM Model and Critical Thinking, Gary McGraw on Software Security, the BSIMM Model and Critical Thinking, Threatpost
11/05/09	Journal: Out of Touch with Reality I, Public Intelligence Blog.
11/04/09	Lifestyle Hackers: o desafio da Net Generation, Miguel Almeida.
11/03/09	Lifestyle Hackers, Hack in the Box.
11/03/09	The new insider threat – lifestyle hackers, RiskPundit. RIP
11/03/09	Lifestyle Hackers, Hayes on Security. RIP
11/02/09	Hacking Is A Way Of Life, Dark Reading.
11/02/09	Lifestyle Hackers, LinuxSecurity.com.
11/09/09	Fortify: New Study Provides Real-World Data on Leading Software Security Initiatives in Europe, Global Security Mag.
10/27/09	Leer denken als een hacker en programmeren als een security expert, engineersonline.nl.
10/24/09	Hoff on Silver Bullet Podcast, SecuObs.com.
10/24/09	Hoff on Silver Bullet Podcast, 1 Raindrop.
10/24/09	Cigital’s Gary McGraw talks cloud security with Chris Hoff, IT Knowledge Exchange.
10/22/09	Web application firewall use goes beyond compliance, company finds, SearchSecurity.com.
10/22/09	Sicurezza Open, Il sole 24 ore.
10/20/09	New Lecture Series Centers on Security Issues, UA News.
10/12/09	Exploiting Online Games, TEEYAI’s Blog. RIP
10/09/09	Reality Check, 1 Raindrop.
10/08/09	Cigital, SANS Institute Roll Out Software Security Self-Measurement With BSIMM, DarkReading.
09/25/09	Benchmarking Security – Are We Safe Yet?, John Pescatore (Gartner Blog Network).
09/17/09	Is SQL Password Vulnerability A Real Threat?, Redmond Developer News. RIP
09/16/09	Silver Bullet Security Podcast: Fred Schneider, Computing Now (IEEE Computer Society Newsletter). RIP
09/15/09	Information Security Summit 2009 – Overview, Gartner.
08/18/09	SQL Injection continues to trouble firms, lead to breaches, SearchSecurity.com.
07/27/09	Book Review: Exploiting Online Games, 404 Tech Support.
07/21/09	Silver Bullet Podcast Interviews Bob Blakley, Burton Group Blogs: Security and Privacy. RIP
07/08/09	Suspicion Centers on N. Korea in DoS Blitz but No Smoking Gun, TechNewsWorld.
07/01/09	Gov’t official: We’re serious about cybersecurity this time, ITworld.
06/25/09	The Value of Static Analysis Tools, Building Real Software.
06/22/09	From computer determinism to real world indeterminism, Thinking Inside a Bigger Box.
06/20/09	Q&A: Twitter And Clouds, Dr. Dobb’s.
06/10/09	How Microsoft Influenced Adobe Security In a Good Way, ComputerWorld.
06/05/09	Summer Reading for Security Pros: Schneier or Sagan?, CSO Online.
06/03/09	PayPal Software Security Podcast, cgisecurity.com.
06/02/09	Xbox: Integrating Social Networks, ESET Threat Blog. RIP
05/10/09	CyLab Business Risks Forum: Gary McGraw on Online Games, Electronic Voting and Software Security, CyBlog.
04/27/09	Gary McGraw Interviews Virgil Gligor on Software Security and Other Vital Issues, CyLab news.
04/24/09	Hacking in online games a widespread problem, FierceCIO TechWatch (also: cnet).
04/23/09	Top Cybersecurity Official Spurs White House to Take Lead, TechNewsWorld.
04/23/09	Hacking online games a widespread problem, cnet news.
04/22/09	RSA: The fundamental challenge of security versus privacy, SC Magazine. RIP
04/22/09	Experts call for better measurement of security, threatpost: digital underground.
04/20/09	Secure software? Experts say it’s no longer a pipedream, cnet security news.
04/19/09	Brian Chess and Gary McGraw AND-401: Building Security In Maturity Model (BSIMM), RSA Conference 365. RIP
04/17/09	Gary McGraw FEA-105: Surveillance: Security, Privacy and Risk and HT2-303: Exploiting Online Games, RSA Conference 365. RIP
04/14/09	RSA panel to discuss surveillance, privacy concerns, SearchSecurity.com.
04/08/09	Building Security In Maturity Model (BSIMM), (ISC)2 Blog.
04/07/09	Software [In]security: Nine Things Everybody Does: Software Security Activities from the BSIMM, threatpost Punditry.
04/07/09	IEEE Security & Privacy Magazine Sponsors Surveillance Panel at RSA, PR Newswire (press release). RIP
04/06/09	Building Security In, Maturely, Emergent Chaos. RIP
04/03/09	Brad’s Reality Check Interview, ASSET (Adobe blog).
04/01/09	Een maturiteitsmodel voor software security, IT Professional. RIP
03/31/09	Conficker Fears Create Fertile Ground for Other Scammers, TechNewsWorld.
03/31/09	An Experience-Based Maturity Model for Software Security, CERT Podcast.
03/27/09	BSIMM lays out security blueprint, SDTimes. RIP
03/27/09	The He Got Game Rule, 1 Raindrop.
03/25/09	It B-SIMM-ply Marvelous!, Enterprise Security Blog. RIP
03/23/09	SDWest, SDBestPractices, SDArch&Design: RIP, 1975 – 2009, The Blog Ride.
03/17/09	First Data-Based Security Maturity Model Released, Visual Studio Magazine (also: Redmondmag.com). RIP
03/17/09	First Data-Based Security Maturity Model Released, Application Development Trends. RIP
03/13/09	Microsoft on ‘Building Security In Maturity Model’, Ruminations on Architecture and Security.
03/13/09	Fortify & Cigital Release BSIMM — Integrating Best Practices from Nine Software Security Initiatives, CyBlog.
03/12/09	Software Security Model – BSI-MM released, Mike Andrews. RIP
03/12/09	Building Security In Maturity Model, The Security Development Lifecycle (MSDN).
03/12/09	New report offers low-down on secure develoment, Network World.
03/11/09	New report offers low-down on secure develoment, Techworld.com. RIP
03/11/09	Application Security is Journey, Not a Destination, Security Incite. RIP
03/10/09	Obama’s New Tech Czar, BusinessWeek.
03/10/09	Maturity model offers software security yardstick, Computer Business Review (also: Computer World UK).
03/10/09	Modelo de Maturidade para Segurança de Software (translate), marcelosouza.com.
03/10/09	A New Hope for Software Security?, Network World (also: CSO Online).
03/09/09	Political Turf Wars Drive Out US Cybersecurity Chief, TechNewsWorld.
03/09/09	Building Security In Maturity Model Partly Applies to Detection and Response, TaoSecurity.
03/06/09	BSI-MM est arrivé!, 1Raindrop.
03/06/09	CAG, BSIMM and field-assessed security, Security Balance. RIP
03/06/09	Fortify, Cigital Release Software Security Program Benchmarks, Dark Reading.
03/06/09	Risks Digest 25.60, RISKS.
03/05/09	Benchmarks for developing and growing an enterprise-wide software security program, Help Net Security.
03/05/09	Building Security In Maturity Model, Sylvan von Stuppe.
03/05/09	BSIMM: Maturing the process of Building Security In., SilverStr’s Blog.
03/05/09	BSIMM lives, SC-L.
03/04/09	The Building Security In Maturity Model (BSIMM), Dr. InfoSec.
03/04/09	New Effort Hopes to Improve Software Security, The Wall Street Journal Blog: Digits.
02/16/09	锁好数据防盗门走出安全误区, (translate) cnet China. RIP
02/16/09	Why top lists don’t work, SearchSecurity.com podcast. RIP
02/11/09	Enterprise Architecture: What is a worst practice in your organization?, Enterprise Architecture: From Incite comes Insight….
02/09/09	SQL injection attacks targeting Flash, JavaScript errors, SearchSecurity.com.
02/03/09	Silver Bullet Security Podcast, 1 Raindrop.
02/03/09	Book Review: Exploiting Software – How to Break Code, 404 Tech Support.
01/20/09	Source Code Analysis Tools: How to Choose and Use Them, CSO Online
01/20/09	Spécial sécurité : politique et malware, mélange sulfureux, LeMagIT (English translation).
01/19/09	Fuzzing Is Still Widely Unknown, ITworld.
01/19/09	Are vulnerability lists helpful?, SearchSecurity.com Security Squad podcast.
01/15/09	Gary McGraw’s Reality Check Security Podcast, The Security Development Lifecycle.
01/15/09	Should states lead the charge for secure application development?, SearchSecurity.com. RIP
01/15/09	OWASP Podcast Series #5.
01/12/09	Reality Check, Off by On.
01/12/09	Protection Poker, Emergent Chaos. RIP
01/08/09	Gary McGraw and Steve Lipner, Emergent Chaos.
01/07/09	Fuzzing Is A Surprise To Some, But Not To Us – Right?, Fuzzing. RIP
11/28/08	TOP PC, Internet, Information Security & Identity Management Blogs!, CEOWORLD Magazine.
11/21/08	Cheating, security, & theft in virtual worlds and online games, GranneBlog.
11/18/08	The Economics of Finding and Fixing Vulnerabilities in Distributed Systems, 1 Raindrop.
11/04/08	Lecture 07 , UCB CS 294-22 Web Security.
10/20/08	Browsers getting harder and harder to secure, SearchSecurity.
10/17/08	The Untapped Open Source Online Gaming Opportunity, TechNewsWorld.
10/16/08	What Videogames Teach Us About Security, Forbes.com
10/15/08	Browser security a concern for website development, SearchSoftwareQuality.com.
09/22/08	New “Likes and Dislikes”- Based RavenWhite Password Protection Technique Helps Consumers and Businesses Thwart Email Hackers, Business Wire.
09/16/08	The Chosen, System Advancements at the Monastery.
09/16/08	Twenty cans of worms on the wall … (The Greek Hackers vs CERN Saga), Cyberpunk as a commodity. RIP
09/05/08	Don’t ignore internal security (and don’t write passwords on Post-it’s), CIO Symmetry.
09/05/08	Think like a hacker (and other World of Warcraft-inspired musings), TotalCIO.
09/03/08	Multiplayer online games pose threat, FierceCIO.
09/08	New Exploits at Black Hat (sidebar: “Microsoft Lays out Security MAPP”), Redmond Developer News. RIP
08/29/08	Cybercrime Gets Its Game On, Forbes.
08/25/08	Software Security Market, 1 Raindrop.
08/20/08	Gary McGraw and Julia Allen: How to Start a Secure Software Development Program, CERT Podcast Series.
08/19/08	Security outbreaks an insight 2008, Ammasajan’s Weblog. RIP
08/18/08	IT School to Watch: Indiana University, ComputerWorld.
08/12/08	Software security is all grown up (or at least walking on its own), Security Bytes.
08/12/08	Space Race, The Secure Software Zone.
08/08/08	Daniel Suarez – Daemon: Bot-Mediated Reality, The Long Now Foundation.
08/02/08	锁好数据防盗门走出安全误区 (translation), IT168.com.
08/01/08	Zero tolerance for bugs, SD Times. RIP
07/31/08	The state of software security, SearchSecurity.com.
07/25/08	Getting Started – put Security into your SDLC, ePrivacyAwareness. RIP
07/16/08	Forrester Research Security Forum 2008, September 4-5, 2008 in Boston (press release), TradingMarkets.com. RIP
07/07/08	Microsoft Talks Up SDL, Application Development Trends. RIP
07/08/08	In Plain Text: Exploiting Online Games, Security Management. RIP
06/30/08	Exploting Online Games, Rev Dan Catt (reader review). RIP
06/24/08	Yikes! Vista Security to be Obliterated!, David LeBlanc’s Web Log.
06/17/08	Rise of managed security services, Security Squad podcast (13 min. in). RIP
06/11/08	Financial Services Lead Spend in $650m Software Security Industry, A-TeamGroup. RIP
06/10/08	Network Security Podcast, Episode 107.
06/06/08	Gary McGraw on secure software development, SearchSecurity.com.
06/06/08	Gary McGraw on secure software development, SearchSecurity.com.
06/04/08	Protecting the Critical Infrastructure: Beware of Crimeware, BlogInfoSec.com.
05/07/08	Newspapers – Yesterday’s News for Yesterday’s People, 1 Raindrop.
05/08	In Search of Trust, Redmond Developer News. RIP
04/29/08	What tech book are you reading right now?, Blogus Maximus.
04/24/08	Payment Card Industry standard under attack?, SD Times. RIP
04/07/08	Addison-Wesley Professional Showcases The New School of Information Security at RSA 2008, press release.
03/17/08	Seven categories of software security flaws, ComputerWeekly.com.
03/17/08	Making software secure from first principles, ComputerWeekly.com.
03/12/08	Criminals step into virtual world, The Gazette (Canada).
02/19/08	HiR Reading Room: Hakin9 Magazine, HiR Information Report.
02/18/08	Top 10 Podcast Episodes, Eon Security Blog. RIP
02/07/08	Exploiting Online Games, HiR Information Report.
02/06/08	Haxx0ring 4tw, The Joshua Tree.
02/08/08	Improving Software Quality, Software Quality Assurance Engineering.
01/31/08	The Daily Incite – January 31, 2008, Security Incite.
01/28/08	Do you see seven misunderstanding Zhendong network security (translated), CSDN.
01/20/08	Online Game Security, UW Computer Security Course Blog.
01/18/08	Information security makes the silver screen, Security Bites.
01/16/08	The State of Security in MMORPGs, Slashdot.
01/16/08	MMORPG Security, WarCry Network.
01/15/08	The Daily Incite, Security Incite.
01/12/08	Top 10 Tricks to exploit SQL Server Systems, Hacking Truths.
01/10/08	Hacking & the Academy Awards, DarkReading.
01/10/08	Software Security News, System Advancements at the Monastery.
01/07/08	The Daily Incite, Security Incite.
01/07/08	The New Face of Cybercrime
01/02/08	Top IT Conversations Shows for December 2007, Phil Windley’s Technometria.
01/01/08	Security researchers warn of dangers in online games, Massively.
01/08	Best Practices to Secure Your Code, Microsoft Certified Professional Magazine (also: Redmond Developer News). RIP

1996-1999

Click here to view articles.