Gary McGraw gave a guest lecture on software security at HiG. The lecture was titled „Cyber War, Cyber Peace, Stones, and Glass Houses“. He stressed that the focus of the security (research/operations) community was too much on incident handling and offensive capabilities instead of building secure systems.
The lecture was inspiring and entertaining, put software security in a larger perspective, and gave results of the BSIMM initiative that collects information about actual software security practices used by developers in existing companies.
We had a lot of students and faculty members from information security and software development in the auditorium. One remarked later:
„This was the best lecture and the most interesting guest at the college I have experienced in the 18 years I have been here.“
I have not been here for 18 years yet, but the lecture was indeed very good. There is a recording of the lecture, in case you missed it.
Gary McGraw is an author of many books and peer-reviewed publications on IT security. In addition, Gary McGraw produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine. Gary is the Chief Technical Officer at Cigital Inc. He holds a dual Ph.D. in Cognitive Science and Computer Science from Indiana University.
Note to myself – things to do better next time:
- Have an unobtrusive wireless microphone at hand.
- Convince our local Mjøsbok book store that it is worth having copies of McGraw’s books on display when he is visiting, even though his books are not obligatory reading in the current semester. (I had informed them, but it did not seem to be a priority for them.)
- Make sure that visitors get recommendations about places to eat and drink well in advance of their arrival so that they do not have to depend on random advice that leads them to places they later blog about as not worth visiting.
