John Viega

From Wikipedia, the free encyclopedia

John Viega (born February 22, 1974) is an American computer security author, researcher and professional.

Early life

He earned his BA from the University of Virginia. As an undergraduate, he worked in Randy Pausch's Stage 3 Research Group, as an early contributor to Alice.[1] Viega earned an MS in Computer Science, also from the University of Virginia.[citation needed]


John Viega co-authored the widely used GCM mode of operation for AES, along with David A. McGrew.[2] He also co-designed its predecessor, CWC mode.[3]

John Viega was also a pioneer in static analysis for security vulnerabilities. He was responsible for the first publicly available tool, ITS4,[4] as well as the prominent open source Rough Auditing Tool for Security (RATS). He also founded Secure Software, the first commercial vendor for such tools, which was bought by Fortify Software.[5]

John Viega was also the original author of OWASP's CLASP,[6] a lightweight process for relating software development to security. He is also a former editor-in-chief for the IEEE Security & Privacy Magazine. In addition, Viega is the original author of the GNU Mailman mailing list program.[7]

John Viega is Executive Vice President, Products and Engineering at BAE Systems Applied Intelligence. He joined BAE Systems through the 2014 acquisition of SilverSky, a cloud security provider funded by Goldman Sachs and Bessemer Ventures.[8] Prior to SilverSky, Viega was at McAfee, where he was CTO for SaaS, and prior to that, McAfee's Chief Security Architect. He currently teaches at NYU, and has previously taught at Virginia Tech.[citation needed] In 2016, he founded Capsule8, which was acquired by Sophos in July 2021.[9]

He is the co-author of Building Secure Software (Addison Wesley, 2001), which was the first book to teach developers how to write secure software. He has since co-authored a number of additional books on computer security, including The Myths of Security (O'Reilly, 2009), Beautiful Security (O'Reilly, 2009), Network Security with OpenSSL (O'Reilly, 2002), the Secure Programming Cookbook (O'Reilly, 2003) and the 19 Deadly Sins of Software Security (McGraw Hill, 2005).[citation needed]


  1. Conway, Matthew (2000). "Alice: Lessons Learned from Building a 3D System For Novices" (PDF). Archived from the original (PDF) on 2001-06-16.
  2. McGrew, David A.; Viega, John (2005). "The Galois/Counter Mode of Operation (GCM)" (PDF). p. 5.
  3. Kohno, Tadayoshi; Viega, John; Whiting, Doug (2003). "The CWC Authenticated Encryption (Associated Data) Mode" (PDF).
  4. Viega, J.; Bloch, J. T.; Kohno, Y.; McGraw, G. (29 December 2018). "ITS4: A Static Vulnerability Scanner for C and C++ Code". IEEE Computer Society. pp. 257–. Retrieved 29 December 2018 – via ACM Digital Library.
  5. McMillan, Robert (17 January 2007). "Fortify buys Secure Software". Retrieved 29 December 2018.
  6. Viega, John. "Building Security Requirements with CLASP". CiteSeerX.
  7. "Mailman: The GNU Mailing List Manager (Extended Abstract)" (PDF). Retrieved 29 December 2018.
  8. Andrew Westney. "BAE Closes $233M Deal For Cybersecurity Co. SilverSky - Law360". Retrieved 29 December 2018.
  9. Sophos Inc. "Sophos Acquires Capsule8 to Bring Powerful and Lightweight Linux Server and Cloud Container Security to its Adaptive Cybersecurity Ecosystem..." Retrieved 26 May 2022.