John Viega Explained

John Viega (born February 22, 1974) is an American computer security author, researcher and professional.

Early life

John Viega earned his BA from the University of Virginia. As an undergraduate, he worked in Randy Pausch's Stage 3 Research Group, as an early contributor to Alice.[1] Viega earned an MS in Computer Science, also from the University of Virginia.[2]

While at the University of Virginia, Viega started a popular mailing list for the Dave Matthews Band.[3] Frustrated by the maintenance costs for a large, active mailing list, he wrote the first version of GNU Mailman, which quickly took off, leading the shift of mailing list management from email commands to the web.[4]

Career

Viega co-authored Building Secure Software[5] (Addison Wesley, 2001), which was the first book to teach developers about writing secure software. He has since co-authored a number of additional books on computer security, including Network Security with OpenSSL[6] (O'Reilly, 2002), the Secure Programming Cookbook[7] (O'Reilly, 2003), Beautiful Security[8] (O'Reilly, 2009), and the 19 Deadly Sins of Software Security[9] (McGraw Hill, 2005).

In 2005, he co-authored the widely used GCM mode of operation for AES, along with David A. McGrew,[10] which was designed to provide both encryption and authentication with one primitive that is both cost-effective in hardware and unencumbered by patents.

Viega was also a pioneer in static analysis for security vulnerabilities. He was responsible for ITS4,[11] the first static analysis tool in this class. He co-founded Secure Software, the first commercial vendor for such tools, which also released an open source tool, Rough Auditing Tool for Security (RATS).

At the end of 2005, Viega left Secure Software and joined McAfee, first as Chief Security Architect, and later as CTO, SaaS. Secure Software was bought by Fortify Software just over a year later.[12]

Post-McAfee, he was an executive at SilverSky, a cloud security provider funded by Goldman Sachs and Bessemer Venture Partners, which was acquired by BAE Systems in 2014,[13] where he was Executive Vice President of Products and Engineering.

In 2016, he left to co-found Capsule8 with Dino Dai-Zovi and Brandon Edwards, which was acquired by Sophos in July 2021.[14]

Viega was also the lead author of OWASP's CLASP,[15] a lightweight process for relating software development to security. He is also a former editor-in-chief for the IEEE Security & Privacy Magazine. He has been an adjunct professor at Virginia Tech and New York University.[16]

Viega is currently the lead developer for the open source software provenance and observability tool, Chalk, as well as the co-founder and CEO of Crash Override.[17]

Notes and References

  1. Conway, Matthew (2000). Alice: Lessons Learned from Building a 3D System For Novices. Archived 2001-06-16 at https://web.archive.org/web/20010616005041/https://www.cs.cmu.edu/~jpierce/publications/chialice.pdf (original link dead).
  2. Viega, John; Warsaw, Barry; Manheimer, Ken (1998-12-09). Mailman: The Gnu Mailing List Manager. 12th Systems Administration Conference (LISA '98). Boston, Ma.
  3. Brown, Amy; Wilson, Brown (2012-03-30). The Architecture of Open Source Applications, Volume II. Lulu. 149. ISBN 978-1105571817.
  4. Viega, John; Warsaw, Barry; Manheimer, Ken (1998-12-09). Mailman: The Gnu Mailing List Manager. 12th Systems Administration Conference (LISA '98). Boston, Ma.
  5. Viega, John; McGraw, Gary (2001-09-24). Building Secure Software. Addison Wesley. ISBN 978-0321774958.
  6. Viega, John; Messier, Matt; Chandra, Pravir (2002-06-15). Network Security with OpenSSL. O'Reilly Media. ISBN 978-0596002701.
  7. Viega, John; Messier, Matt (2003-08-19). Secure Programming Cookbook for C and C++. O'Reilly Media. ISBN 978-0596003944.
  8. Oram, Andy; Viega, John (2009-07-02). Beautiful Security: Leading Security Experts Explain How They Think. O'Reilly Media. ISBN 978-0596527488.
  9. Howard, Michael; LeBlanc, David; Viega, John (2005-07-26). 19 Deadly Sins of Software Security. McGraw-Hill Osborne Media. ISBN 978-0072260854.
  10. McGrew, David A.; Viega, John (2005). The Galois/Counter Mode of Operation (GCM). 5.
  11. Viega, J.; Bloch, J. T.; Kohno, Y.; McGraw, G. (29 December 2018). ITS4: A Static Vulnerability Scanner for C and C++ Code. IEEE Computer Society. 257–. ISBN 9780769508597. ACM Digital Library. 29 December 2018.
  12. McMillan, Robert (17 January 2007). Fortify buys Secure Software. InfoWorld.com. 29 December 2018.
  13. Westney, Andrew. BAE Closes $233M Deal For Cybersecurity Co. SilverSky - Law360. Law360.com. 29 December 2018.
  14. Sophos Inc. (2021-07-07). Sophos Acquires Capsule8 to Bring Powerful and Lightweight Linux Server and Cloud Container Security to its Adaptive Cybersecurity Ecosystem.... globenewswire.com. 2023-11-30.
  15. Viega, John (May 2005). Building Security Requirements with CLASP. ACM 2005 workshop on Software engineering for secure systems—building trustworthy applications. Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications. doi:10.1145/1083200.1083207.
  16. Ankur Shah and Neelima Rustagi (2021-07-29). Zero To Exit. 2023-11-30.
  17. Chris Romeo and Robert Hurlbut (2023-07-29). The Application Security Podcast. 2023-09-05.