Next SERC Talk: “What are the Top Ten Software Security Flaws?”

The next SERC Talk will be presented by Gary McGraw from Synopsys on Wednesday, October 4, 2017 at 1 PM EST. He will be exploring “What are the Top Ten Software Security Flaws?”. We hope you can join us in continuing this discussion series on cybersecurity.

GMcGraw 15TOPIC: “What are the Top Ten Software Security Flaws?”

SPEAKER: Gary McGraw, Synopsys

Questions and comments are welcome utilizing the Q&A and chat tools, respectively. For those unable to connect to the WebEx tool, please feel free to email your questions, comments ahead of time to Ms. Mimi Marcus for incorporation into the discussion.

NOTE: All Talks will be broadcast on WebEx. Review these system requirements to assure your connection to the webinar will be uninterrupted.  If you have any trouble with this platform, please contact us.

REGISTER NOW

DOWNLOAD SLIDES

Abstract

Software security defects come in two categories: bugs in the implementation and flaws in the design. In the commercial marketplace, much more attention has been paid to finding and fixing bugs than has been paid to finding and fixing flaws.  That is because automatically identifying bugs is a much easier problem than identifying design flaws.  The IEEE Center for Secure Design was founded to address this issue head on.  My presentation will cover the IEEE CSD’s first deliverable by introducing and discussing how to avoid the top ten software security flaws.  The content was developed in concert with Twitter, Google, Cigital, HP, Sadosky Foundation of Argentina, George Washington University, Intel/McAfee, RSA, University of Washington, EMC, Harvard University, and Athens University of Economics and Business.  During the talk, I will introduce and discuss how to avoid the top ten software security design flaws. It’s important, of course, to know that these flaws account for half of the defects commonly encountered in software security. But more important still is learning how to avoid these problems when designing a new system or revisiting an existing system.

Bio

Gary McGraw is the Vice President Security Technology of Synopsys (SNPS), a silicon valley company headquartered in Mountain View, CA. He is a globally recognized authority on software security and the author of eight best selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series.  Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a periodic security column for SearchSecurity, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Max Financial, NTrepid, and Ravenwhite.  He has also served as a Board member of Cigital (acquired by Synopsys) and as Advisor to Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye). His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean’s Advisory Council for the School of Informatics.  Gary produces the monthly Silver Bullet Security Podcast for Synopsys and IEEE Security & Privacy magazine (syndicated by SearchSecurity).

Upcoming 2017 SERC Talks

November 1
Dr. William Scherlis, Institute for Software Research, Carnegie Mellon University
The Dilemmas of Cybersecurity – Why is Everything Broken?
ABSTRACT | REGISTER NOW

 

For any technical content questions or if you would like to present a SERC Talk, please contact SERC Talks Editor-in-Chief, Dr. Barry Boehm. For any questions or issues regarding the upcoming SERC Talk, please contact Ms. Mimi Marcus for assistance. The SERC Talk sessions will be recorded and available for viewing on the SERC Youtube Channel and the SERC Talks page following the event. More information on future SERC Talks can be found here.

Please mark your calendars and plan to join us!