John Viega

John Viega (born February 22, 1974) is an American computer security author, researcher and professional.

Early life

John Viega earned his BA from the University of Virginia. As an undergraduate, he worked in Randy Pausch's Stage 3 Research Group, as an early contributor to Alice. [1] Viega earned an MS in Computer Science, also from the University of Virginia. [2]

While at the University of Virginia, Viega started a popular mailing list for the Dave Matthews Band. [3] Frustrated by the maintenance costs for a large, active mailing list, he wrote the first version of GNU Mailman, which quickly took off, leading the shift of mailing list management from email commands to the web. [4]

Career

Viega co-authored Building Secure Software [5] (Addison Wesley, 2001), which was the first book to teach developers about writing secure software. He has since co-authored a number of additional books on computer security, including Network Security with OpenSSL [6] (O'Reilly, 2002), the Secure Programming Cookbook [7] (O'Reilly, 2003), Beautiful Security [8] (O'Reilly, 2009), and the 19 Deadly Sins of Software Security [9] (McGraw Hill, 2005).

In 2005, he co-authored the widely used GCM mode of operation for AES with David A. McGrew. [10] GCM was designed to provide both encryption and authentication with a single primitive that is cost-effective in hardware and unencumbered by patents.

Viega was also a pioneer in static analysis for security vulnerabilities. He was responsible for ITS4, [11] the first static analysis tool in this class. He co-founded Secure Software, the first commercial vendor of such tools, which also released an open source tool, the Rough Auditing Tool for Security (RATS).

At the end of 2005, Viega left Secure Software and joined McAfee, first as Chief Security Architect, and later as CTO, SaaS. Secure Software was bought by Fortify Software just over a year later. [12]

After McAfee, he was an executive at SilverSky, a cloud security provider funded by Goldman Sachs and Bessemer Venture Partners, where he served as Executive Vice President of Products and Engineering; SilverSky was acquired by BAE Systems in 2014. [13]

In 2016, he left to co-found Capsule8 with Dino Dai-Zovi and Brandon Edwards, which was acquired by Sophos in July 2021. [14]

Viega was also the lead author of OWASP's CLASP, [15] a lightweight process for relating software development to security. He is a former editor-in-chief of IEEE Security & Privacy Magazine, and has been an adjunct professor at Virginia Tech and New York University. [16]

Viega is currently the lead developer for the open source software provenance and observability tool, Chalk, as well as the co-founder and CEO of Crash Override. [17]

References

  1. Conway, Matthew (2000). "Alice: Lessons Learned from Building a 3D System For Novices" (PDF). Archived from the original (PDF) on 2001-06-16.
  2. Viega, John; Warsaw, Barry; Manheimer, Ken (1998-12-09). "Mailman: The GNU Mailing List Manager". 12th Systems Administration Conference (LISA '98). Boston, MA.
  3. Brown, Amy; Wilson, Brown (2012-03-30). The Architecture of Open Source Applications, Volume II. Lulu. p. 149. ISBN 978-1105571817.
  4. Viega, John; Warsaw, Barry; Manheimer, Ken (1998-12-09). "Mailman: The GNU Mailing List Manager". 12th Systems Administration Conference (LISA '98). Boston, MA.
  5. Viega, John; McGraw, Gary (2001-09-24). Building Secure Software. Addison Wesley. ISBN 978-0321774958.
  6. Viega, John; Messier, Matt; Chandra, Pravir (2002-06-15). Network Security with OpenSSL. O'Reilly Media. ISBN 978-0596002701.
  7. Viega, John; Messier, Matt (2003-08-19). Secure Programming Cookbook for C and C++. O'Reilly Media. ISBN 978-0596003944.
  8. Oram, Andy; Viega, John (2009-07-02). Beautiful Security: Leading Security Experts Explain How They Think. O'Reilly Media. ISBN 978-0596527488.
  9. Howard, Michael; LeBlanc, David; Viega, John (2005-07-26). 19 Deadly Sins of Software Security. McGraw-Hill Osborne Media. ISBN 978-0072260854.
  10. McGrew, David A.; Viega, John (2005). "The Galois/Counter Mode of Operation (GCM)" (PDF). p. 5.
  11. Viega, J.; Bloch, J. T.; Kohno, Y.; McGraw, G. (29 December 2018). "ITS4: A Static Vulnerability Scanner for C and C++ Code". IEEE Computer Society. pp. 257–. ISBN 9780769508597. Retrieved 29 December 2018 via ACM Digital Library.
  12. McMillan, Robert (17 January 2007). "Fortify buys Secure Software". InfoWorld.com. Retrieved 29 December 2018.
  13. Westney, Andrew. "BAE Closes $233M Deal For Cybersecurity Co. SilverSky". Law360.com. Retrieved 29 December 2018.
  14. Sophos Inc. (2021-07-07). "Sophos Acquires Capsule8 to Bring Powerful and Lightweight Linux Server and Cloud Container Security to its Adaptive Cybersecurity Ecosystem..." globenewswire.com (Press release). Retrieved 2023-11-30.
  15. Viega, John (May 2005). "Building Security Requirements with CLASP". Proceedings of the 2005 Workshop on Software Engineering for Secure Systems: Building Trustworthy Applications. ACM. doi:10.1145/1083200.1083207.
  16. Shah, Ankur; Rustagi, Neelima (2021-07-29). "Zero To Exit" (Podcast). Retrieved 2023-11-30.
  17. Romeo, Chris; Hurlbut, Robert (2023-07-29). "The Application Security Podcast" (Podcast). Retrieved 2023-09-05.