David A. Wheeler My professional interests are in improving software development practices for higher-risk software systems (i.e., ones which must be secure, large, and/or safety-critical). My specialties include writing secure programs, vulnerability assessment, open standards, open source software / free software (OSS/FS), Internet/web standards and technologies, and POSIX.

Published books

• Software Inspection: An Industry Best Practice by David A. Wheeler, Bill Brykczynski, and Reginald N. Meeson, Jr. (IEEE Computer Society Press)
• Ada 95: The Lovelace Tutorial by David A. Wheeler (Springer-Verlag)
• Secure Programming for Linux and Unix HOWTO by David A. Wheeler (self-published)

Public/Published articles
Most of my written work is not publicly available. However, if I can make it publicly available, I try to host it on my website, or at least include a reference to it from my website. Here are some of my publicly-available works, some professional, and some fun:

• Security
  • Secure Programming for Linux and Unix HOWTO (information on creating secure software)
  • My developerWorks column "Secure Programmer"
  • "Countering Trusting Trust through Diverse Double-Compiling (DDC)", Proceedings of the Twenty-First Annual Computer Security Applications Conference (ACSAC). This is an academic paper on how to counter the "Trusting Trust" attack, the attack everyone assumed was essentially uncounterable.
  • Securing Microsoft Windows (for Home and Small Business Users)
  • Software Configuration Management (SCM) Security
  • "Techniques for Cyber Attack Attribution" by David A. Wheeler (Oct 2003); this summarizes various techniques to perform attribution (aka traceback or source tracking) on networks, esp. TCP/IP networks.
• Open Source Software/Free Software (OSS/FS)
  • Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!
  • How to Evaluate OSS/FS Programs
  • Make Your Open Source Software GPL-Compatible. Or Else
  • Comments on Open Source Software / Free Software (OSS/FS) Software Configuration Management (SCM) systems
  • More than a Gigabuck: Estimating GNU/Linux’s size
  • Linux Program Library HOWTO
  • Linux man pages for uri(7) and the rewrite of man(7) and mdoc(7).
• Mathematical Recreations
  • The Definitive Four Fours Answer Key
  • Way Off Base (discussing weird bases)
  • When Adding and Multiplying are the Same
• Other
  • The Most Important Software Innovations
  • A Garden of Chess Openings
  • Fischer Random Chess (Chess960)

Interviews
The insatiably curious can see some interviews of me here: "Linux Security Interview with David A. Wheeler" (LinuxSecurity.com), "Under the Brim Interview with David A. Wheeler" ("Under the Brim" August 2002), "How useful are 'proprietary vs. open source' TCO studies?" by NewsForge (on proprietary vs. OSS/FS TCO studies), and "David A. Wheeler's interview" for FOSDEM 2002.

Mentions
I've been mentioned way too many times in various news articles and such to even try to give a complete listing. I've been thanked by various folks for my suggestions, such as for my XML expertise while participating in the development of the Open Document standard, and by Eric S. Raymond for contributing "many perceptive criticisms and some case-study material, especially in the design" in his book The Art of Unix Programming. The article Getting FUD Up? Get The Facts by Matt McKenzie praises my article Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!, saying it's a "jaw-dropping essay" and is "the best compilation of [quantitative] data I've ever seen to support the use of open-source software." Steven J. Vaughan-Nichols' "HP Releases Multi-level Security Services for RHEL5" (01-NOV-2007) cites me as an expert on the relationship between open source software and security. Bruce Schneier's article "Countering 'Trusting Trust'" describes my security work that counters the "trusting trust" attack.

Hobbies/Personal Info
My hobbies include chess, singing (bass), and reading (especially science fiction and fact). I also play the piano, guitar, tuba, and baritone horn, though never at the same time. I live in Northern Virginia, near Washington, DC. I'm a Christian; more information about Christianity is available.

Other Stuff
In the mid-1980s I was the maintainer of Scepter of Goth. This was the first commercial multiplayer Role-Playing Game (RPG) in the United States; it may have been the first in the world, depending on how you date the commercialization of Scepter and of Bartle's MUD / British Legends. This was before Internet access was widespread; Scepter was a franchise operation, with each franchise running in a local area (customers would dial into a local franchise). Scepter has influenced many later systems, including many of the multi-million-dollar Massively Multiplayer Online Role-Playing Game (MMORPGs) of today. I haven't been in that business for many years, but people still remember me for that.

Why the middle initial?
I always use my middle initial in anything written (including information on the web), because there are a number of other David Wheelers. For example, David John Wheeler (now deceased) was the creator of the Tiny Encryption Algorithm (TEA) (a somewhat popular encryption algorithm unencumbered by patents), and is credited with co-inventing the subroutine. David E. Wheeler is President of Kineticode, a content management and software development consulting company based in Portland, and is the lead developer for Bricolage (an OSS/FS content management system); you can contact him using the address "david" at justatheory dot com.

See my contact information if you want to contact me. Or, see my personal home page.