I am a working software engineer with more than 30 years of experience in C++ and 20 years of experience in software security, including DoD and law enforcement. My areas of focus are embedded systems, network security and safety-critical systems such as aircraft, autonomous vehicles, medical devices, etc.
I am also an internationally recognized speaker and trainer on C++ and software security and have developed the C++ secure coding guidelines for multiple companies, including Synopsys. I train engineers worldwide in Modern C++ and secure Modern C++ development.
Memberships & Associations:
- Voting member of the ISO C++ Standards Committee (WG21)
- Founded the Safety & Security Review Group within the ISO C++ Committee (now SG23)
- Member of the ISO Programming Languages Vulnerabilities Committee (WG23)
- Member of The Society of Automotive Engineers (SAE)
- Member of the SAE Committees on Cybersecurity and Safety for Driving Automation Systems (WG11 and WG13)
Selected Articles:
- Doing Hard Time In The Prison Of Two Ideas
- The Rust On Modern C++ Is Beginning To Show
- Colonial Pipeline And Why We Don’t Mix Systems That Carry Different Risks
- Secure Coding Best Practices (WhiteSource Secure Coding)
- The Death Of Modern C++
- Complexity Theory, Relativity And The Theory of Everything
Books:
- Exploiting Modern C++: Writing Secure Code for an Insecure World (Pearson, due in 2024)
YouTube Channels & Series:
Training Courses:
- Exploiting Modern C++: Writing Secure Code for an Insecure World (2-day, 3-day and 5-day courses)
- Practical Modern C++ (1-day and 2-day courses)
- Analysis & Performance of C++ Algorithms (2-day course)
Talks & Training:
- Secure Coding Best Practices (Private Client 2018, Denver C++ Meetup 2018, C++Now 2018, CppCon 2018, Cpp-Summit 2019 Keynote, WhiteSource Summit 2020)
- Threat Modeling (Denver C++ Meetup 2018, SnowFROC 2019, C++Now 2019, Private Client 2020, WhiteSource Summit 2021)
- CppCon 2018 Review (Denver C++ Meetup 2018)
- The ISO C++ Committee (Private Client 2019)
- If You Can’t Open It, You Don’t Own It (C++Now 2019, CppCon 2019, Cpp-Summit 2019, SnowFROC 2020)
- What Air Disasters Tell Us About Safety Critical Designs (TomTom Hackathon 2019, Cpp-Summit 2019)
- Modern C++ Safety & Security at 20 (CppCon 2020)
- C++ Code Reviews for Security (Private Clients 2020, Private Clients 2021, Private Clients 2022)
- Crypto 101 (Private Client 2020, Private Client 2022, Private Clients 2023)
- Threat Modeling for Team Leads (Private Clients 2023*)
- Curiously Recurring Bugs (Private Client 2023*)
- Exploiting Modern C++: Building Highly-Dependable Software (2-day course CppCon 2019)
- Exploiting Modern C++: Writing Secure Code for an Insecure World (Private Clients 2021, Private Clients 2022, Private Clients 2023)
- Practical Modern C++ (New for 2024)
* Scheduled for 2023
Panels & Podcasts:
- CppCon Panel: Software Security (CppCon 2018)
- Cpp.Chat #38: Hot Fix Our Way To Security (August 2, 2018)
- CppCast #209: Secure Coding with Matthew Butler (August 18, 2019)
- CppCon Panel: What Do You Mean By “Embedded”? (CppCon 2022)