Author

Gary McGraw

📖 Overview

Gary McGraw is a software security pioneer and technology expert who has significantly influenced the field of application security and secure software development. He is best known for authoring multiple influential books, including "Software Security: Building Security In" and "Exploiting Software: How to Break Code." As the founder and former CTO of Cigital (now part of Synopsys), McGraw helped establish many of the fundamental practices used in software security today. He introduced key concepts such as the "trinity of trouble" in software security and developed the Building Security In Maturity Model (BSIMM), a framework for measuring software security initiatives. Throughout his career, McGraw has served as a board member for various technology companies and security organizations and has been a regular contributor to academic journals and industry publications. His work bridges the gap between theoretical computer science and practical software security implementation. McGraw's influence extends beyond writing and consulting through his role as an educator and speaker at major security conferences worldwide. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University, where his early research focused on artificial intelligence and cognitive science.

👀 Reviews

Readers value McGraw's software security expertise and technical depth, particularly in his books "Software Security" and "Building Secure Software." Reviews highlight his clear explanations of complex security concepts and practical examples.

Liked:
- Detailed technical walkthroughs
- Real-world case studies
- Focus on implementation rather than theory
- Code samples and actionable advice

Disliked:
- Dense, academic writing style
- Some content becomes dated quickly
- Limited coverage of newer threats
- High price point of textbooks

Ratings:
- Amazon: "Software Security" - 4.1/5 from 31 reviews
- Goodreads: "Building Secure Software" - 3.8/5 from 89 ratings
- Amazon: "Exploiting Online Games" - 3.9/5 from 12 reviews

Multiple readers noted that McGraw's books work better as references than as cover-to-cover reads. A common complaint is that the formal tone makes concepts harder to grasp for beginners. Several praised the thorough coverage while wanting more practical exercises.

📚 Books by Gary McGraw

Software Security: Building Security In (2006) A technical guide covering software security best practices, risk management, and secure programming techniques from the ground up.

Exploiting Online Games: Cheating Massively Distributed Systems (2007) An examination of security vulnerabilities in online gaming systems and how cheaters exploit them.

Building Secure Software: How to Avoid Security Problems the Right Way (2001) A comprehensive approach to incorporating security throughout the software development lifecycle.

Software Fault Injection: Inoculating Programs Against Errors (1998) A detailed look at fault injection techniques used to test software reliability and security.

Securing Java: Getting Down to Business with Mobile Code (1999) An analysis of Java security architecture and its implications for mobile code safety.

Java Security (1996) A technical exploration of the Java platform's security model and mechanisms.

24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them (2009) A systematic breakdown of common software security vulnerabilities and their solutions.

Enterprise Security Architecture: A Business-Driven Approach (2006) A methodology for developing security architectures aligned with business objectives.