About the Author

Gary McGraw, PhD, is the Chief Technology Officer and a Board member at Cigital <http://www.cigital.com>. Dr. McGraw is a world authority on software security and has coauthored five bestselling security books: Exploiting Software (Addison-Wesley, 2004) with Greg Hoglund of rootkit.com; Building Secure Software (Addison-Wesley, 2001) with John Viega; Java Security: Hostile Applets, Holes, and Antidotes (Wiley, 1996) and Securing Java: Getting Down to Business with Mobile Code (Wiley, 1999) with Prof. Ed Felten of Princeton; and Software Fault Injection: Inoculating Programs against Errors (Wiley, 1998) with Cigital cofounder Dr. Jeffrey Voas. Dr. McGraw regularly contributes to popular trade publications and is often quoted in national press articles. He writes a monthly column on security for IT Architect magazine and is a department editor for IEEE Security & Privacy magazine.

Working with Cigital Professional Services and Cigital Labs, Dr. McGraw sets software quality management technology strategy and oversees the Cigital technology transfer process. His aim is to bridge the gap between cutting-edge science and real-world applicability and to transfer advanced technologies for use in the field. In addition to consulting with major commercial software vendors and consumers, he founded Cigital's Software Security Group and chairs the Cigital Corporate Technology Council.

Dr. McGraw began his career as a research scientist, and he continues to pursue research in software security. He has written over ninety peer-reviewed technical publications and serves as principal investigator on grants from Air Force Research Labs, DARPA, National Science Foundation, and NIST's Advanced Technology Program. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University, where he was a student of Doug Hofstadter, and a BA in Philosophy from the University of Virginia.

Dr. McGraw is a member of the Technical Advisory Boards of Authentica, Counterpane, and Fortify Software. He serves as an Advisor to the UC Davis Department of Computer Science and the University of Virginia Department of Computer Science, and he sits on the Dean's Advisory Council of the School of Informatics at Indiana University. He is a member of the IEEE Security and Privacy Task Force and was recently elected to the IEEE Computer Society Board of Governors.