Posted by Robert Vamosi on February 2, 2017
Gary McGraw provided this year’s keynote address at Shmoocon, held January 13-15 at the Washington Hilton in Washington, D.C. His talk, “Seven Things: Frank Zappa, T. Coraghassen Boyle, and 21 Years in Security,” touches upon valuable insights gleaned over McGraw’s more than 21 years in software security. It also reflects his many interests.
Watch the video here.
1:20 intro: Bruce Potter explains how we met at NDSS while he introduces me
3:26 Talk starts with a series of disclaimers
1. old guy
2. corporate exec
3. academic scientist
4. software guy
5:00 First Synopsys talk
5:25 How Bruce Potter finagled me into giving the keynote
6:10 Stealing ideas from bad-ass iconoclasts
7:16 Wigs and stuff. If you are passionate about this field, there is lots of work to be done
8:04 Philosophy, Paul Humphreys, Searle, and Hofstadter
“… don’t let the system tell you ‘that’s wrong’ in intellectual pursuits.”
10:05 Letter Spirit with Doug Hofstadter
Fluid Concepts and Creative Analogies, the first book ever sold on Amazon
11:00 Friday meeting at Reliable Software Technologies and the sad state of computer security
12:00 “… the paradigm was, to put it bluntly, f-ed” potty mouth GEM on stage.
12:57 “… a firewall is like a condom with a hole on port 80”
12:24 The obvious question “Why is the software broken?”
14:36 Building Secure Software “Why is the stuff broken?”
15:34 Tech transfer, passion, and the valley of death
16:30 Follow your passion. Be like Marie Moe
17:24 The story behind why Exploiting Online Games exists
19:40 Get a good rhythm
“@shmoocon is really cool because you are a community of people who are being intentionally kind to each other”
21:59 Use real data and track them over time to make intentional decisions
24:00 The Silver Bullet podcast rhythm is monthly over ten years
24:54 Many minds are better than one. Build a network
26:04 Practice. 47 years of violin
27:00 On science, research, “research,” publication and real world stuff
28:44 Software Security is about BOTH breaking stuff and building stuff properly, hence the logo. Where did the logo come from?
31:23 Don’t be afraid to invent stuff, cut new ice, introduce new ideas to the world @tcboyle
34:40 Why security-meters that measure software security directly are NOT POSSIBLE (halting problem anyone?)
39:00 The advent of the IEEE-CSD
42:24 Or you could just write original music
42:26 Too much information is running through my brain
43:48 Part of leadership is being calm in the face of certain disaster
45:35 The gray haired people have seen the world not end many times
46:00 Give back (and sail in kilts)
“… we’re all monkeys in this together on this planet”
49:03 Know your audience
50:29 Presentation of the moose head
Gary McGraw is the Vice President of Security Technology at Synopsys (SNPS), a Silicon Valley company headquartered in Mountain View, CA. He is a globally recognized authority on software security and the author of eight bestselling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series.