Presentations by David A. Wheeler

Below are some of the public presentations that I plan to give or have given, in reverse chronological order. Generally I talk about security / software assurance, free-libre / open source software (FLOSS or OSS/FS), open standards, software innovations, various specialized areas of computer technology, or some combination. I post many of my presentations on my website. I'm available for a few speaking engagements each year; I limit the number of trips away from the Washington, DC area, but I do travel if it's important/interesting. Contact me if you'd like me to speak at your event.

[ODP]

Date/Time Topic Organization/Sponsor, Location, Notes

August 8, 2008 Open Proofs Defense BarCamp

June 12, 2008 Securing Open Source Software OWASP (Northern Virginia), Herndon, VA

May 7, 2008 Securing Open Source Software 8th Semi-Annual Software Assurance Forum, May 6-8, 2008, Sheraton Premiere, Tyson's Corner in Vienna, Virginia.

Feb 11, 2008 3pm-4:30pm EST Open Source Software and the DoD Data & Analysis Center for Software (DACS) series. "Open source software (OSS) has become widespread, but there are many misconceptions about it - resulting in numerous missed opportunities. This presentation will clarify what OSS is (and isn't), rebut common misunderstandings about OSS, discuss the relationship of OSS and security, discuss how to find and evaluate OSS, and explain OSS licensing (including how to combine products and select a license). It will show why nearly all extant OSS is COTS software, and thus why it's illegal (as well as foolish) to ignore OSS options."

Dec 11-12, 2007 (1) OSS Licensing and (2) Security and Open Systems / Open Source 3rd DoD Open Conference: Deployment of Open Technologies and Architectures within Military Systems

July 23, 2007, 1145am What's Ahead for OSS and DoD The Open Group, Real-time and Embedded Systems Forum, Austin, TX

March 14, 2007, 1030am Open Source Software (OSS) [for government acquisitions] [PDF] [ODF] [PPT] [OGG] [MP3] [FLAC] [As text] Open Source - Open Standards - Open Architecture: DoD Open Technology Development and Open Source Geospatial Software by the non-profit Association for Enterprise Integration (AFEI), a member of the National Defense Industrial Association (NDIA) family of associations. Held at the Hyatt Hotel Crystal City, Arlington, VA. I was the only person on the panel who wasn't directly employed by the U.S. government. My presentation appears to have inspired a Navy policy memo on OSS.

December 12, 2006, 10am FLOSS and Software Assurance / Security Towards a Transparent Acquisition Marketplace for Increased Mission Agility with Open Technology Development, sponsored by the U.S. GSA. Held at the National Science Foundation (NSF) in Rosslyn, VA. An organizer said, "Thank you for your superb presentation and contribution."

July 12, 2006, 7pm "Open Standards and Security (and OpenDocument too)" Columbia LUG. HP building, 8890 McGaw Rd Ste 100, Columbia, MD.

July 8, 2006, 10am Free-Libre/Open Source Software (FLOSS) and Security NovaLUG. Washington Technology Park/CSC (formerly Dyncorp), 15000 Conference Center Drive, Chantilly, VA. Note: originally scheduled for July 1, 2006.

May 17, 2006, 7pm "FLOSS and security." DCLUG. 2025 M Street NW, Washington DC.

April 26, 2006. 2pm Open source software and security (plenary speaker) The Open Group's "Architecting to the Edge" conference. Hilton Crystal City, Crystal City, Arlington, VA. Allen Brown (CEO and President) wrote, "The Washington meeting was one of our best-attended conferences ever... We couldn't have have made it one of our most successful events without your participation, contribution and confidence".

April 4, 2006 Open Standards and Security [ODF] [OGG] [MP3] [FLAC] LinuxWorld 2006's "Government Day" focusing on open standards, Boston, MA. See my commentary. NewsForge reported on my talk, saying: "Of all the speakers I heard, two really made me sit up and pay attention... [one was David Wheeler, who] spoke in parables to illustrate just what open standards are and why they are important for IT infrastructure security... Through this talk I began to see how base standards in hardware and software could allow vendor innovation while preventing vendor lock-in."

March 2, 2006 Countering Trusting Trust through Diverse Double-Compiling George Mason University (GMU), Fairfax, VA. (An interactive lecture about my ACSAC paper.)

December 5, 2005 Countering Trusting Trust through Diverse Double-Compiling Annual Computer Security Applications Conference (ACSAC 2005), Tucson, Arizona. I describe and discuss a new approach to counters the "uncounterable" Trusting Trust attack, including an experiment that shows it works. Lots of people noticed this paper; Bruce Schneier even has a lengthy article about my paper, saying, "This [Trusting Trust] attack has long been part of the lore of computer security, and everyone knows that there's no defense. And that makes this paper by David A. Wheeler so interesting."

October 11-12, 2005 Session Lead, Tools Open Web Application Security Project (OWASP) Application Security (AppSec) 2005 conference, NIST, Maryland

June 3, 2005 "Why Free-libre / Open Source Software? Look at the Numbers!" "6th International Free Software Forum" / Fórum Internacional Software Livre (FISL) Porto Alegre, Brazil. My travelogue of FISL 2005 in Porto Alegre, Brazil got a lot of press, including a prominent citation in Groklaw. (The paper "Why OSS/FS? Look at the Numbers!" is also available.)

October 27, 2004 "Security and Open Source Software". "Open Source Enterprise Solutions Conference" of the Tech Council of Maryland, Rockville, Maryland. My blog entry on this Tech Council of Maryland talk has more information. Interestingly, a large number of FLOSS security projects (both commercial and non-commercial) are based on Maryland.

March 16, 2004 "Open source software and security" Open Source in Government Conference 2004 (sponsored by the U.S. General Services Administration (GSA) and The Center of Open Source & Government of George Washington University), Washington, DC. My blog entry has more info.

March 11, 2004 "Evaluating OSS/FS Programs." At the conference "You Paid What? A Workshop On Full Cost Accounting Methodology For Information Technology Projects In The Public Sector", Ottawa, Canada.

February 3, 2004 "What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?" Web-enabled Government conference, Ronald Reagan building, Washington, DC (a repeat of the very successful LinuxWorld January 2004 panel).

January 22, 2004 "What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?" LinuxWorld, New York City's Javits center. Blog entry.

December 11, 2003 Security, Open Source, and Ada (Keynote speaker) SIGAda 2003, San Diego, CA.

February 20, 2003, 7pm Secure Programming for Linux and Unix HOWTO University of Baltimore, Baltimore, MD.

February 16, 2002 Secure Programming for Linux and Unix HOWTO Free and Open Source Software Developers' European Meeting (FOSDEM 2002) conference, Brussels, Belgium. See my FOSDEM 2002 Travelogue.

Date/Time	Topic	Organization/Sponsor, Location, Notes
August 8, 2008	Open Proofs	Defense BarCamp
June 12, 2008	Securing Open Source Software	OWASP (Northern Virginia), Herndon, VA
May 7, 2008	Securing Open Source Software	8th Semi-Annual Software Assurance Forum, May 6-8, 2008, Sheraton Premiere, Tyson's Corner in Vienna, Virginia.
Feb 11, 2008 3pm-4:30pm EST	Open Source Software and the DoD	Data & Analysis Center for Software (DACS) series. "Open source software (OSS) has become widespread, but there are many misconceptions about it - resulting in numerous missed opportunities. This presentation will clarify what OSS is (and isn't), rebut common misunderstandings about OSS, discuss the relationship of OSS and security, discuss how to find and evaluate OSS, and explain OSS licensing (including how to combine products and select a license). It will show why nearly all extant OSS is COTS software, and thus why it's illegal (as well as foolish) to ignore OSS options."
Dec 11-12, 2007	(1) OSS Licensing and (2) Security and Open Systems / Open Source	3rd DoD Open Conference: Deployment of Open Technologies and Architectures within Military Systems
July 23, 2007, 1145am	What's Ahead for OSS and DoD	The Open Group, Real-time and Embedded Systems Forum, Austin, TX
March 14, 2007, 1030am	Open Source Software (OSS) [for government acquisitions] [PDF] [ODF] [PPT] [OGG] [MP3] [FLAC] [As text]	Open Source - Open Standards - Open Architecture: DoD Open Technology Development and Open Source Geospatial Software by the non-profit Association for Enterprise Integration (AFEI), a member of the National Defense Industrial Association (NDIA) family of associations. Held at the Hyatt Hotel Crystal City, Arlington, VA. I was the only person on the panel who wasn't directly employed by the U.S. government. My presentation appears to have inspired a Navy policy memo on OSS.
December 12, 2006, 10am	FLOSS and Software Assurance / Security	Towards a Transparent Acquisition Marketplace for Increased Mission Agility with Open Technology Development, sponsored by the U.S. GSA. Held at the National Science Foundation (NSF) in Rosslyn, VA. An organizer said, "Thank you for your superb presentation and contribution."
July 12, 2006, 7pm	"Open Standards and Security (and OpenDocument too)"	Columbia LUG. HP building, 8890 McGaw Rd Ste 100, Columbia, MD.
July 8, 2006, 10am	Free-Libre/Open Source Software (FLOSS) and Security	NovaLUG. Washington Technology Park/CSC (formerly Dyncorp), 15000 Conference Center Drive, Chantilly, VA. Note: originally scheduled for July 1, 2006.
May 17, 2006, 7pm	"FLOSS and security."	DCLUG. 2025 M Street NW, Washington DC.
April 26, 2006. 2pm	Open source software and security (plenary speaker)	The Open Group's "Architecting to the Edge" conference. Hilton Crystal City, Crystal City, Arlington, VA. Allen Brown (CEO and President) wrote, "The Washington meeting was one of our best-attended conferences ever... We couldn't have have made it one of our most successful events without your participation, contribution and confidence".
April 4, 2006	Open Standards and Security [ODF] [OGG] [MP3] [FLAC]	LinuxWorld 2006's "Government Day" focusing on open standards, Boston, MA. See my commentary. NewsForge reported on my talk, saying: "Of all the speakers I heard, two really made me sit up and pay attention... [one was David Wheeler, who] spoke in parables to illustrate just what open standards are and why they are important for IT infrastructure security... Through this talk I began to see how base standards in hardware and software could allow vendor innovation while preventing vendor lock-in."
March 2, 2006	Countering Trusting Trust through Diverse Double-Compiling	George Mason University (GMU), Fairfax, VA. (An interactive lecture about my ACSAC paper.)
December 5, 2005	Countering Trusting Trust through Diverse Double-Compiling	Annual Computer Security Applications Conference (ACSAC 2005), Tucson, Arizona. I describe and discuss a new approach to counters the "uncounterable" Trusting Trust attack, including an experiment that shows it works. Lots of people noticed this paper; Bruce Schneier even has a lengthy article about my paper, saying, "This [Trusting Trust] attack has long been part of the lore of computer security, and everyone knows that there's no defense. And that makes this paper by David A. Wheeler so interesting."
October 11-12, 2005	Session Lead, Tools	Open Web Application Security Project (OWASP) Application Security (AppSec) 2005 conference, NIST, Maryland
June 3, 2005	"Why Free-libre / Open Source Software? Look at the Numbers!"	"6th International Free Software Forum" / Fórum Internacional Software Livre (FISL) Porto Alegre, Brazil. My travelogue of FISL 2005 in Porto Alegre, Brazil got a lot of press, including a prominent citation in Groklaw. (The paper "Why OSS/FS? Look at the Numbers!" is also available.)
October 27, 2004	"Security and Open Source Software".	"Open Source Enterprise Solutions Conference" of the Tech Council of Maryland, Rockville, Maryland. My blog entry on this Tech Council of Maryland talk has more information. Interestingly, a large number of FLOSS security projects (both commercial and non-commercial) are based on Maryland.
March 16, 2004	"Open source software and security"	Open Source in Government Conference 2004 (sponsored by the U.S. General Services Administration (GSA) and The Center of Open Source & Government of George Washington University), Washington, DC. My blog entry has more info.
March 11, 2004	"Evaluating OSS/FS Programs."	At the conference "You Paid What? A Workshop On Full Cost Accounting Methodology For Information Technology Projects In The Public Sector", Ottawa, Canada.
February 3, 2004	"What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?"	Web-enabled Government conference, Ronald Reagan building, Washington, DC (a repeat of the very successful LinuxWorld January 2004 panel).
January 22, 2004	"What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?"	LinuxWorld, New York City's Javits center. Blog entry.
December 11, 2003	Security, Open Source, and Ada (Keynote speaker)	SIGAda 2003, San Diego, CA.
February 20, 2003, 7pm	Secure Programming for Linux and Unix HOWTO	University of Baltimore, Baltimore, MD.
February 16, 2002	Secure Programming for Linux and Unix HOWTO	Free and Open Source Software Developers' European Meeting (FOSDEM 2002) conference, Brussels, Belgium. See my FOSDEM 2002 Travelogue.

(I've given other public presentations besides these, but haven't gotten around to listing them.)

Feel free to see my home page at http://www.dwheeler.com.