KEYNOTES
Monday, April 16, 8:45 am - 9:30 am
Security Testing: Uncut and Uncensored
Herbert H. Thompson
Warning: This talk contains graphic examples of software failure...not for the faint of heart.
With software running our most critical business processes, we need to think
about both its utility and the risk it can bring to those processes. In this
presentation, Dr. Herbert H. Thompson shares the results of a multiyear
study on how software fails with respect to security. Dr. Thompson will
illustrate the major categories of vulnerabilities with live, uncut and
uncensored demonstrations of the most pressing and current types of
vulnerabilities in software. In this keynote you will learn what the biggest
risks are to your software, understand the major categories of security
vulnerabilities and what their consequences are, and learn how to begin the
risk assessment process. You’ll also become equipped to make more
security-savvy software acquisition, development and outsourcing decisions.
Herbert H. Thompson is the chief security
strategist at Security Innovation. He has co-written or edited 12 books,
including “How to Break Software Security: Effective Techniques for Security
Testing” (with Dr. James Whittaker), and most recently, “The Software
Vulnerability Guide.” As the chair of the Application Security Industry
Consortium (AppSIC), he leads an association of industry technologists and
leaders to help establish and define cross-industry application security
guidance and metrics.
Dr. Thompson has authored more than 60 academic and industrial publications
on software security. He earned his Ph.D. in applied mathematics from
Florida Institute of Technology, where he remains an adjunct professor.
Monday, April 16, 4:45 pm - 5:45 pm
Software Security: State of the Practice 2007
Gary McGraw
At the Software Security Summit 2006, Gary
McGraw presented the software security framework described in his book
“Software Security: Building Security In.” Using that same framework—built
around the three pillars of software security: applied risk management, best
practices/touchpoints and knowledge—Dr. McGraw will discuss and describe the
state of the practice one year later.
This keynote will present real data from the field, drawing upon Dr.
McGraw’s experience with large enterprises as a consultant. Come hear this
keynote, and see why Dr. McGraw is optimistic about the future of software
security.
Gary McGraw is CTO of security firm
Cigital. He provides strategic advice to major software producers and
consumers, and has written more than 90 peer-reviewed technical
publications. He also functions as principal investigator on grants from
DARPA, National Science Foundation and NIST’s Advanced Technology Program.
Dr. McGraw serves on advisory boards of Authentica, Counterpane and Fortify
Software, as well as advising the CS department at UC Davis, the CS
department at UVa, and the School of Informatics at Indiana University. Dr.
McGraw holds a dual Ph.D. in cognitive science and computer science from
Indiana University and a B.A. in philosophy from UVa.
Dr. McGraw is the author of six best-selling books: “Software Security:
Building Security In” (Addison-Wesley, 2006), “Exploiting Software”
(Addison-Wesley, 2004), “Building Secure Software” (Addison-Wesley, 2001),
“Software Fault Injection” (Wiley, 1998), “Securing Java” (Wiley, 1999) and
“Java Security” (Wiley, 1996).