Gary McGraw is an American computer scientist, author, and researcher.
|Alma mater||PhD, Cognitive Science and Computer Science - Indiana University B.A. Philosophy - University of Virginia|
|Title||Vice President of Security Technology at Synopsys, Inc.|
McGraw holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from the University of Virginia. His doctoral dissertation is titled "Letter Spirit: Emergent High-Level Perception of Letters Using Fluid Concepts."
McGraw was the Vice President of Security Technology at Synopsys. Before Cigital was acquired by Synopsys, he was Chief Technical Officer at Cigital. He produced the Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT).  Gary McGraw serves on the Dean's Advisory Council for the School of Informatics of Indiana University. He also serves on the advisory boards of several companies, including Dasient (acquired by Twitter), Fortify Software (acquired by Hewlett-Packard), Max Financial, Invotas, Wall+Main, Invincea (acquired by Sophos), and Raven White. In the past, Gary McGraw has served on the IEEE Computer Society Board of Governors.
Gary is an author of many books and over 100 peer-reviewed publications on IT security.
- Software Security: Building Security In, ISBN 978-0-321-35670-3
- Exploiting Software: How to Break Code (with Greg Hoglund), ISBN 978-0-201-78695-8
- Building Secure Software: How to Avoid Security Problems the Right Way (with John Viega), ISBN 978-0-321-77495-8
- Java Security (with Edward Felten), ISBN 978-0-471-17842-2
- Exploiting Online Games: Cheating Massively Distributed Systems (with Greg Hoglund), ISBN 978-0-13-227191-2
- Software Security Engineering: A Guide for Project Managers (with Julia H. Allen, Sean J. Barnum, Robert J. Ellison, and Nancy R. Mead) ISBN 978-0-321-50917-8
- Software Fault Injection (with Jeffrey M. Voas) ISBN 978-0-471-18381-5
- Securing Java: Getting Down to Business with Mobile Code (with Edward Felten), ISBN 978-0-471-31952-8
- "The University of Virginia". www.virginia.edu. Retrieved 2015-10-02.
- McGraw, Gary (1995). "Indiana University, Bloomington IN". Indiana University. The Center for Research on Concepts and Cognition. Archived from the original on 10 September 2015. Retrieved 2 October 2015.
- "Software Security Expert Opinion | Gary McGraw". Retrieved December 21, 2017.
- Mills, Elinor (2010-05-12). "Gary McGraw on developing secure software (Q&A)". CNet.
- McGraw, Gary; Migues, Sammy (2010-12-29). "Driving Efficiency and Effectiveness in Software Security". InformIT.
- "Business". www.cigital.com. Retrieved 2015-10-02.
- Ben Rothke. "Software Security: Building Security In", Security Management magazine
- Radu State. Review of "Software Security: Building Security In by Gary McGraw", ACM Queue 4(7):44 (2006)
- "Software Security : Building Security In", Palizine, Issue #18 February 2006
- Robert Bruen. "Software Security. Building Security In", Cipher (IEEE magazine), Jan 5, 2006
- Alen Prodan. "Exploiting Software: How to Break Code", Help Net Security, 21 July 2004
- A. Mariën. Review of "Exploiting Software: How to Break Code by Greg Hoglund and Gary McGraw", ACM Queue, 3(4):60 (2005)
- Robert Bruen. "Exploiting Software. How to Break Code", Cipher (IEEE magazine), January 13, 2004
- Aleksandar Stancin. "Building Secure Software: How to Avoid Security Problems the Right Way", Help Net Security
- Robert Bruen. "Building Secure Software. How to Avoid Security Problems the Right Way", Cipher (IEEE magazine), January 9, 2002
- Diomidis Spinellis. "Book review: Building Secure Software: how to Avoid Security Problems the Right Way", ACM Computing Reviews, 43(4):103–104, April 2002.