David A. Wheeler
My professional interests focus on computer security (especially in developing secure software), Free/libre/open source software (FLOSS or OSS), improving software development practices, and open standards. I am the Director of Open Source Supply Chain Security at the Linux Foundation.
Most of my written work is not publicly available (e.g., I've done some work in artificial intelligence and machine learning, as well as more about secure software, that I do not have the right to post). However, if I am allowed to make it publicly available, I try to host it on my website, or at least include a reference to it from my website. Here are some of my publicly-available works, some professional, and some fun:
The insatiably curious can see some interviews of me here: David A. Wheeler on the Current State of Application Security (Trusted Software Alliance); "A visit with the Doctor" on The Dave and Gunnar Show, 2014-05-20; "US government accelerating development and release of open source" with Mark Bohannon, Opensource.com, 2014-04-24; "5 Questions with David A. Wheeler" by Melanie Chernoff, Opensource.com, 2012-07-17; "Linux Security Interview with David A. Wheeler" (LinuxSecurity.com); "Under the Brim Interview with David A. Wheeler" ("Under the Brim" August 2002) (here's Red Hat's copy, though with a copy/paste error about "The Economist" and "The Nation" which I didn't say); "How useful are 'proprietary vs. open source' TCO studies?" by NewsForge (on proprietary vs. OSS/FS TCO studies); and "David A. Wheeler's interview" for FOSDEM 2002.
I've been mentioned way too many times in various news articles and such to even try to give a complete listing. Here is a sampler.
Presentations and teaching
See my page on presentations if you want to learn about my past or future public presentations. I teach part-time at George Mason University, where I'm an adjunct professor in their Department of Computer Science; if you need to email me in that capacity, use the GMU address dwheele4 (at) gmu (dot) edu instead.
My hobbies include tabletop role-playing games (mostly D&D), chess, singing (bass), and reading (especially science fiction and fact). I also play the piano, guitar, tuba, and baritone horn, though never at the same time. I live in Northern Virginia, near Washington, DC. I'm a Christian; more information about Christianity is available.
In the mid-1980s I was the maintainer of Scepter of Goth. This was the first commercial multiplayer Role-Playing Game (RPG) in the United States; I think it was the first in the world, though that depends on how you date the commercialization of Scepter and of Bartle's MUD / British Legends. This was before Internet access was widespread; Scepter was a franchise operation, with each franchise running in a local area (customers would dial into a local franchise). Scepter has influenced many later systems, including many of the multi-million-dollar Massively Multiplayer Online Role-Playing Game (MMORPGs) of today. I haven't been in that business for many years, but people still remember me for that.
For many years I worked at the Institute for Defense Analyses (IDA); I started as a consultant in 1987, becamae a research staff member (RSM) not long afterwards, and ended my full-time employment there on 2020-03-31.
Why the middle initial?
I always use my middle initial in anything written (including information on the web), because there are a number of other David Wheelers. For example, David John Wheeler (now deceased) was the creator of the Tiny Encryption Algorithm (TEA) (a somewhat popular encryption algorithm unencumbered by patents), and is credited with co-inventing the subroutine. David E. Wheeler is President of Kineticode, a content management and software development consulting company based in Portland, and is the lead developer for Bricolage (an OSS/FS content management system); you can contact him using the address "david" at justatheory dot com.
You can find me on other sites such as LinkedIn, GitHub (david-a-wheeler), Twitter (drdavidawheeler), and Youtube (drdavidawheeler).
My typical bio, if you need it...
Dr. David A. Wheeler is an expert on developing secure software and on open source software. His works include Software Inspection: An Industry Best Practice, Ada 95: The Lovelace Tutorial, Secure Programming HOWTO, Fully Countering Trusting Trust through Diverse Double-Compiling (DDC), Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!, and How to Evaluate OSS/FS Programs.
Here's a longer OSS-specific biography:
Dr. David A. Wheeler is an expert on open source software (OSS) and on developing secure software. His works on OSS include "Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!", "How to Evaluate OSS/FS Programs", "Publicly Releasing Open Source Software Developed for the U.S. Government", and "Open Source Software is Commercial". He also helped develop the U.S. Department of Defense (DoD) policy on OSS. His works on developing secure software include "Secure Programming HOWTO" and "Fully Countering Trusting Trust through Diverse Double-Compiling (DDC)". Other works of his include "Software Inspection: An Industry Best Practice" and "Ada 95: The Lovelace Tutorial".
David A. Wheeler is the Director of Open Source Supply Chain Security at the Linux Foundation and teaches a graduate course in developing secure software at George Mason University (GMU). Dr. Wheeler has a PhD in Information Technology, a Master's in Computer Science, a certificate in Information Security, and a B.S. in Electronics Engineering, all from George Mason University (GMU), and is a Certified Information Systems Security Professional (CISSP). He lives in Northern Virginia.
Here's a higher-resolution picture of me; you are welcome to use it under the Creative Commons Attribution-ShareAlike 3.0 Unported License (CC-BY-SA), the same license Wikipedia uses.
Most of my written work is not publicly available. However, if I can make it publicly available, I try to host it on my personal website, or at least include a reference to it from my website.
See my contact information if you want to contact me. Or, see my personal home page.