Cigital CTO Gary McGraw Authors Definitive Software Security Book
Posted on: Monday, 6 February 2006, 09:00 CST
DULLES, Va., Feb. 6 /PRNewswire/ -- Cigital, Inc., a leading provider of software quality management consulting solutions, today announced Chief Technology Officer Gary McGraw, Ph.D. has authored a new book describing the state of the art in the exploding field of software security.
Software Security: Building Security In (Addison-Wesley, 2006) is a hands-on, how-to guide for software security. Coming on the heels of McGraw's previous best sellers Building Secure Software (Addison-Wesley, 2001) and Exploiting Software (Addison-Wesley, 2004), this book sets the standard for software security best practices. "By putting the straightforward advice in my new book into practice, software developers and architects can practice software security with confidence and rest assured that their software will work," said McGraw. "My seven software security touchpoints, developed through years of practicing applied software security in the real world, can enhance any software development lifecycle."
Together with Building Secure Software and Exploiting Software, Software Security will be made available in a three-book box set called the Software Security Library (Addison-Wesley, 2006). The box set is the anchor for the Addison-Wesley Software Security Series, for which Gary McGraw is consulting editor. Building Secure Software, often referred to as "the white hat book," provides a coherent and sensible philosophical foundation for the blossoming field of software security. Exploiting Software, often referred to as "the black hat book," provides a much-needed balance, teaching how to break software and how malicious hackers write exploits. The two books are in some sense mirror images. Software Security unifies the two sides of software security -- attack and defense, exploiting and designing, breaking and building -- into a coherent whole. Like the yin and the yang displayed on the cover, software security requires a careful balance.
"One of the most important ways we can solve information security problems for the long term is by making security part of the 'core DNA' of software development," said Howard Schmidt, former White House cyber security advisor. "McGraw's book tells you how to make the 'culture of security' part of your development lifecycle."
The software security touchpoints detailed in Software Security are directly aligned with Cigital's approach to enterprise software security. "Cigital customers know that the touchpoints work. They have been applying them successfully for years," offers McGraw.
As the world's singular authority on software security, McGraw is co-author of Exploiting Software, Building Secure Software, Securing Java (Wiley, 1999), Software Fault Injection (Wiley, 1998), and Java Security (Wiley, 1996). In addition to consulting with such leading corporations as QUALCOMM and Mastercard International, McGraw has written over ninety peer-reviewed technical publications. He serves on the Advisory Boards of Authentica, Counterpane, and Fortify Software, as well as advising the Computer Science Departments at UC Davis and UVa and the School of Informatics at Indiana University. He is a member of the IEEE Security and Privacy Task Force, and was recently elected to the IEEE Computer Society Board of Governors. He writes a monthly security column for IT Architect magazine and is the editor of Building Security In for IEEE Security & Privacy magazine.
About Cigital
Cigital is a leading consulting firm specializing in software security and quality. Cigital enables clients to deliver reliable software faster -- gaining insight and control over software processes, products, and policies. For repeatable delivery and deployment of secure and reliable software on time and under budget, go to Cigital. Software Confidence. Achieved.
Founded in 1992, Cigital is headquartered in Northern Virginia with additional offices in Boston and Los Angeles. For additional information about Cigital and its services, please contact Cigital at 800.824.0022 or at http://www.cigital.com/.
About Addison-Wesley
Addison-Wesley is the leading publisher of high-quality and timely information for programmers, developers, and system administrators. The Company's mission is to provide educational materials concerning new technologies and new approaches to current technologies written by leading authorities. Addison-Wesley is a division of Pearson Education, the global leader in integrated education publishing. Pearson Education is part of Pearson plc, the international media company. Visit us at http://www.awprofessional.com/.
About the Books
Software Security: Building Security In, ISBN: 0321356705, by Gary McGraw, is available at retail book stores and online booksellers. List price $49.99 USD. http://www.awprofessional.com/title/0321356705 http://www.swsec.com/
The Software Security Library Box Set, ISBN: 0321418700, by Gary McGraw, John Viega, and Greg Hoglund, is available at retail book stores and online booksellers. List price $129.99 USD. http://www.awprofessional.com/title/0321418700 http://www.buildingsecurityin.com/
Contact: Dede Haskins, Cigital, (703) 404-5753, dhaskins@cigital.com; Eric Garulay, Addison-Wesley/Prentice Hall, (617) 848-6425, eric.garulay@aw.com
Cigital is a trademark of Cigital, Inc.
Web site: http://www.cigital.com/ http://www.awprofessional.com/
Source: PRNewswire