Keynote: Software Security - A Study in Technology Transfer (SPLASH 2014 - SPLASH Keynotes)

Mon 20 - Fri 24 October 2014 Portland, Oregon, United States

Track

SPLASH 2014 Keynotes

Time Zone

The program is currently displayed in (GMT-07:00) Tijuana, Baja California.

Use conference time zone: (GMT-07:00) Tijuana, Baja CaliforniaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Wed 22 Oct 2014 08:30 - 10:00 at Salon E+F - Gary McGraw Keynote Chair(s): Shriram Krishnamurthi

Abstract

Title

Software Security - A Study in Technology Transfer

Abstract

Where do security technologies come from? Academics propose research and government (sometimes) funds it. Startups move technologies across the “research valley of death” to early adopters. Global corporations make technology widely available by acquiring startups. At every step there are gaps and pitfalls.

Adoption is the acid test of innovation. Idea-generation is perhaps ten per cent of innovation; most of the work is on technology transfer and adoption. Chance plays a big role in creating opportunities (e.g., R&D involves a lot of luck), but a company’s success depends on its ability to make opportunities more likely to occur, and to capitalize on those opportunities when they arise. Passionate individuals drive technology transfer more than does process; indeed, some people believe that the original researchers need to be involved all the way along the chain. Prototyping is an important practice, often resulting in “researchware” that proves a concept but is not ready for wide use. Transforming a prototype from the lab to the real-world use is a multi-stage, multi-year undertaking.

This talk will use the decade-long evolution of static analysis in code review as a driver for discussion. We’ll talk startups, big companies, venture capital, research agencies, and subject-matter expertise. In general, technologists don’t appreciate business people enough and business people don’t appreciate technology enough. Most successful companies are brilliant at one, but also need to be adequate at the other.

Video: http://www.infoq.com/presentations/security-technology-transfer

Link to Publication

http://dl.acm.org/citation.cfm?id=2661745

Bio

Gary McGraw is the CTO of Cigital, Inc., a software security consulting firm with headquarters in the Washington, D.C. area and offices throughout the world. He is a globally recognized authority on software security and the author of eight best selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for SearchSecurity and Information Security Magazine, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Dasient (acquired by Twitter), Fortify Software (acquired by HP), Raven White, Max Financial, Invotas, and Wall+Main. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean’s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by SearchSecurity).

company http://www.cigital.com podcast http://www.cigital.com/silverbullet blog http://www.cigital.com/justiceleague book http://www.swsec.com personal http://www.cigital.com/~gem twitter @cigitalgem