Software Integrity


Gary McGraw’s Shmoocon keynote recaps security career with advice

Gary McGraw provided this year’s keynote address at Shmoocon, held January 13-15 at the Washington Hilton in Washington, D.C. His talk, “Seven Things: Frank Zappa, T. Coraghessan Boyle, and 21 Years in Security,” draws on the insights McGraw has gleaned over more than 21 years in software security. It also reflects his many interests.

Watch the video here.

Play-by-play annotation

1:20 intro: Bruce Potter explains how we met at NDSS while he introduces me

3:26 Talk starts with a series of disclaimers
1. old guy
2. corporate exec
3. academic scientist
4. software guy

5:00 First Synopsys talk

5:25 How Bruce Potter finagled me into giving the keynote

6:10 Stealing ideas from bad-ass iconoclasts

7:16 Wigs and stuff. If you are passionate about this field, there is lots of work to be done

8:04 Philosophy, Paul Humphreys, Searle, and Hofstadter
“… don’t let the system tell you ‘that’s wrong’ in intellectual pursuits.”

10:05 Letter Spirit with Doug Hofstadter
Fluid Concepts and Creative Analogies was the first book ever sold on Amazon

11:00 Friday meeting at Reliable Software Technologies and the sad state of computer security

12:00 “… the paradigm was, to put it bluntly, f-ed” (potty-mouth GEM on stage)

12:57 “… a firewall is like a condom with a hole on port 80”

12:24 The obvious question “Why is the software broken?”

14:36 Building Secure Software “Why is the stuff broken?”

15:34 Tech transfer, passion, and the valley of death

16:30 Follow your passion. Be like Marie Moe

17:24 The story behind why Exploiting Online Games exists

19:40 Get a good rhythm
“@shmoocon is really cool because you are a community of people who are being intentionally kind to each other”

21:59 Use real data and track it over time to make intentional decisions

24:00 The Silver Bullet podcast rhythm is monthly over ten years

24:54 Many minds are better than one. Build a network

26:04 Practice. 47 years of violin

27:00 On science, research, “research,” publication and real world stuff

28:44 Software Security is about BOTH breaking stuff and building stuff properly, hence the logo. Where did the logo come from?

31:23 Don’t be afraid to invent stuff, cut new ice, introduce new ideas to the world @tcboyle

32:05 My new stuff: Get data, Describe data, Measure
BSIMM
IEEE-CSD
CISO Project

34:40 Why security meters that measure software security directly are NOT POSSIBLE (halting problem, anyone?)
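The "halting problem" aside is the one technical claim in the talk, so here is an added illustration of the argument (this is not code from the talk, the page, or McGraw's own tooling). It models a program as a generator that yields once per step and may raise an exception when it reaches an insecure state; that step-count model, the `bounded_meter` function and the sample programs are all my own assumptions for the demo. The reduction is the standard one behind Rice's theorem: if a meter could decide "does this program ever reach an unsafe state?", wrapping any program so that the unsafe state is reached exactly when it terminates would turn the meter into a halting decider. Since that cannot exist, every real meter is best-effort and must sometimes answer "unknown", which the bounded version does by returning `None`.

```python
from typing import Callable, Iterator, Optional


class UnsafeSink(Exception):
    """Raised when a modelled program reaches an insecure state (assumed model)."""


# A "program" is a zero-argument callable returning a generator that yields
# once per executed step and may raise UnsafeSink.  Constructed for the demo.
Program = Callable[[], Iterator[None]]


def bounded_meter(program: Program, budget: int) -> Optional[bool]:
    """Best-effort security meter (assumed, for illustration).

    Executes at most `budget` steps.  Returns True if the program reached the
    unsafe state, False if it terminated without doing so, and None when the
    budget ran out: the honest answer a real tool must sometimes give.
    """
    steps = program()
    for _ in range(budget):
        try:
            next(steps)
        except StopIteration:
            return False
        except UnsafeSink:
            return True
    return None


def halts_via_meter(program: Program, budget: int) -> Optional[bool]:
    """Reduction: a perfect meter would decide the halting problem.

    Wrap the program so that it reaches the unsafe state exactly when it
    terminates; then "reached unsafe state" is the same as "halted".  A
    perfect meter could never return None here, and no such decider exists,
    so no perfect meter exists either.
    """
    def wrapped() -> Iterator[None]:
        yield from program()      # run the original program to completion...
        raise UnsafeSink          # ...then step into the unsafe state

    return bounded_meter(wrapped, budget)


# Constructed sample programs.
def countdown(n: int) -> Program:
    """Terminates after exactly n steps without touching the unsafe state."""
    def run() -> Iterator[None]:
        for _ in range(n):
            yield None
    return run


def forever() -> Iterator[None]:
    """Never terminates and never reaches the unsafe state."""
    while True:
        yield None


def collatz(n: int) -> Program:
    """Halts for every n ever tried (27 takes 111 steps), but no general step
    bound is known, so any fixed budget can run out on some input."""
    def run() -> Iterator[None]:
        x = n
        while x != 1:
            x = x // 2 if x % 2 == 0 else 3 * x + 1
            yield None
    return run


if __name__ == "__main__":
    print("countdown(3) secure?   ", bounded_meter(countdown(3), 10))   # False
    print("countdown(3) halts?    ", halts_via_meter(countdown(3), 10))  # True
    print("forever halts?         ", halts_via_meter(forever, 1000))     # None
    print("collatz(27), budget 50 ", halts_via_meter(collatz(27), 50))   # None
    print("collatz(27), budget 200", halts_via_meter(collatz(27), 200))  # True
```

The point of the last two lines is the whole argument: raising the budget converts one "unknown" into an answer, but for every finite budget there is a program the meter cannot classify, so the meter is measuring the analyser's patience, not the software's security. That is why the talk's data-driven work (BSIMM, the IEEE CSD) measures practices and findings around the software rather than promising a direct security reading.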

39:00 The advent of the IEEE-CSD

42:24 Or you could just write original music

42:26 Too much information is running through my brain

43:48 Part of leadership is being calm in the face of certain disaster

45:35 The gray-haired people have seen the world not end many times

46:00 Give back (and sail in kilts)
“… we’re all monkeys in this together on this planet”

49:03 Know your audience

50:29 Presentation of the moose head

Gary McGraw is the Vice President of Security Technology at Synopsys (SNPS), a Silicon Valley company headquartered in Mountain View, CA. He is a globally recognized authority on software security and the author of eight bestselling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series.