Picture of David A. Wheeler David A. Wheeler
My professional interests focus on computer security (especially in developing secure software), Free/libre/open source software (FLOSS or OSS), improving software development practices, and open standards. I am the Director of Open Source Supply Chain Security at the Linux Foundation (LF) and an adjunct professor in the George Mason University (GMU) Department of Computer Science.
Education/TrainingAwards/Certificates
  • PhD in Information Technology, George Mason University (GMU), 2009 (granted 2010)
  • Certificate for Information System Security, GMU, 2000.
  • Design and Analysis of Distributed Protocols, Summer Session, Massachusetts Institute of Technology (MIT), 1994
  • MS in Computer Science, GMU, 1993 (granted 1994)
  • Certificate for Software Engineering, GMU, 1993 (granted 1994)
  • Software Capability Evaluation (SCE) Training, Software Engineering Institute (SEI), 1993
  • BS in Electronics Engineering, GMU, 1987 (granted 1988); graduation with distinction

Published books

Public/Published articles
Most of my written work is not publicly available (e.g., I've done some work in artificial intelligence and machine learning, as well as more about secure software, that I do not have the right to post). However, if I am allowed to make it publicly available, I try to host it on my website, or at least include a reference to it from my website. Here are some of my publicly-available works, some professional, and some fun:

Interviews
The insatiably curious can see some interviews of me here: David A. Wheeler on the Current State of Application Security (Trusted Software Alliance); "A visit with the Doctor" on The Dave and Gunnar Show, 2014-05-20; "US government accelerating development and release of open source" with Mark Bohannon, Opensource.com, 2014-04-24; "5 Questions with David A. Wheeler" by Melanie Chernoff, Opensource.com, 2012-07-17; "Linux Security Interview with David A. Wheeler" (LinuxSecurity.com); "Under the Brim Interview with David A. Wheeler" ("Under the Brim" August 2002) (here's Red Hat's copy, though with a copy/paste error about "The Economist" and "The Nation" which I didn't say); "How useful are 'proprietary vs. open source' TCO studies?" by NewsForge (on proprietary vs. OSS/FS TCO studies); and "David A. Wheeler's interview" for FOSDEM 2002.

Mentions
I've been mentioned way too many times in various news articles and such to even try to give a complete listing. Here is a sampler.

Presentations and teaching
See my page on presentations if you want to learn about my past or future public presentations. I teach part-time at George Mason University, where I'm an adjunct professor in their Department of Computer Science; if you need to email me in that capacity, use the GMU address dwheele4 (at) gmu (dot) edu instead.

Hobbies/Personal Info
My hobbies include tabletop role-playing games (mostly D&D), chess, singing (bass), and reading (especially science fiction and fact). I also play the piano, guitar, tuba, and baritone horn, though never at the same time. I live in Northern Virginia, near Washington, DC. I'm a Christian; more information about Christianity is available.

Other Stuff
In the mid-1980s I was the maintainer of Scepter of Goth. This was the first commercial multiplayer Role-Playing Game (RPG) in the United States; I think it was the first in the world, though that depends on how you date the commercialization of Scepter and of Bartle's MUD / British Legends. This was before Internet access was widespread; Scepter was a franchise operation, with each franchise running in a local area (customers would dial into a local franchise). Scepter has influenced many later systems, including many of the multi-million-dollar Massively Multiplayer Online Role-Playing Game (MMORPGs) of today. I haven't been in that business for many years, but people still remember me for that.

For many years I worked at the Institute for Defense Analyses (IDA); I started as a consultant in 1987, becamae a research staff member (RSM) not long afterwards, and ended my full-time employment there on 2020-03-31.

Why the middle initial ("A.")?
I always use my middle initial in anything written (including information on the web), because there are a number of other David Wheelers. For example, David John Wheeler (now deceased) was the creator of the Tiny Encryption Algorithm (TEA) (a somewhat popular encryption algorithm unencumbered by patents), and is credited with co-inventing the subroutine. David E. Wheeler is President of Kineticode, a content management and software development consulting company based in Portland, and is the lead developer for Bricolage (an OSS/FS content management system); you can contact him using the address "david" at justatheory dot com.

Note: the Associated Press (AP) Style guide recommends that you include my middle initial in this case. The AP Style guide says to "use middle initials in full name reference only if the person uses it regularly" - and I do use my middle initial regularly.

Other sites

You can find me on other sites such as LinkedIn, GitHub (david-a-wheeler), GitLab (david-a-wheeler), Twitter (drdavidawheeler), Mastodon infosec.exchange (davidawheeler). Hacker News from Y Combinator (dwheeler), Discord davidawheeler, and Youtube (drdavidawheeler).

Biographies

My typical bio, if you need it...
Dr. David A. Wheeler is an expert on developing secure software and on open source software. His works include Software Inspection: An Industry Best Practice, Ada 95: The Lovelace Tutorial, Secure Programming HOWTO, Fully Countering Trusting Trust through Diverse Double-Compiling (DDC), Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!, and How to Evaluate OSS/FS Programs.

Here's a longer OSS-specific biography:

Dr. David A. Wheeler is an expert on open source software (OSS) and on developing secure software. His works on developing secure software include "Secure Programming HOWTO", the Open Source Security Foundation (OpenSSF) Secure Software Development Fundamentals Courses, and "Fully Countering Trusting Trust through Diverse Double-Compiling (DDC)". He also helped develop the 2009 U.S. Department of Defense (DoD) policy on OSS. Other works of his include "Software Inspection: An Industry Best Practice" and "Ada 95: The Lovelace Tutorial".

David A. Wheeler is the Director of Open Source Supply Chain Security at the Linux Foundation and teaches a graduate course in developing secure software at George Mason University (GMU). Dr. Wheeler has a PhD in Information Technology, a Master's in Computer Science, a certificate in Information Security, a certificate in Software Engineering, and a B.S. in Electronics Engineering, all from George Mason University (GMU). He is a Certified Information Systems Security Professional (CISSP) and a Senior Member of the Institute of Electrical and Electronics Engineers (IEEE). He lives in Northern Virginia.

Here's a higher-resolution picture of me, as well as a headshot. You are welcome to use them under the Creative Commons Attribution-ShareAlike 3.0 Unported License (CC-BY-SA), the same license Wikipedia uses.

Public/Published articles
Most of my written work is not publicly available. However, if I can make it publicly available, I try to host it on my personal website, or at least include a reference to it from my website.

See my contact information if you want to contact me. Or, see my personal home page.