Presentations and More from David A. Wheeler

Below are some of the presentations that I plan to give or have given, in reverse chronological order. I also include some selected posts, articles, papers, and books that I wrote or where I'm quoted; I originally didn't do that, but including them turns out to be convenient. Dates are in ISO 8601 date format (YYYY-MM-DD).

Generally I talk about security / software assurance, free-libre / open source software (FLOSS or OSS/FS), open standards, software innovations, various specialized areas of computer technology, or some combination. I post many of my presentations on my website. I'm available for a few speaking engagements each year; I limit the number of trips away from the Washington, DC area, but I do travel if it's important/interesting. Contact me if you'd like me to speak at your event. You can also see more information about me and the

  • See also: Credly list of my digital badges/awards.

    Date/Time | Topic | Organization/Sponsor, Location, Notes
    2023-05-08..12 Program Committee of SupplyChainSecurityCon, Program Committee of Linux Security Summit, OpenSSF Day, Speaker at Open Source Summit Open Source Summit North America, Vancouver, Canada
    2023-04-27 SLSA 1.0 is here! What’s it mean for you?, panelist with Isaac Hepworth (Google) Cloudsmith Webinar
    2023-04-17 Distinguish between source and vendor OpenSSF Blog
    2023-04-10 Securing Open Source Software Projects – David A. Wheeler, Open Source Security Foundation TechStrong.TV
    2023-04-03 Workshop participant US Open Source Software Policy Jam, Arlington, VA
    2023-03-30 Open Source Software (OSS) Supply Chain Security (slides - select part 2) C4DT Conference on Software Supply Chain Security, hosted by The Center for Digital Trust, Switzerland
    2023-03-22 Panelist, Software Supply Chain Leadership Series: Come SLSA with us!
    2023-03-16 How to Get Involved in OpenSSF Working Groups and Projects OpenSSF Town Hall (virtual meeting) (video)
    2023-03-10 How OpenSSF Aims to Make Log4j-Like Incidents Rare by Nancy Liu (interviewee) sdxcentral
    2023-02-28 "DevOps, Security, and Open Source Software" presentation (sizzle video) The Big Fix (Livestream)
    2023-02-22 Co-lead Virtual Maintainer Summit for Critical OSS Projects
    2023-02-22 "Open Source Software Security" Linux Foundation (LF) Edge TAC meeting
    2023-02-15 "Software Supply Chain Security - Key Terms, Players, and Projects You Need to Know About - Part 2" (The Secure Developer Episode 127) with Guy Podjarny, Simon Maple, Lena Smart, Emily Fox, Aeva Black, Brian Behlendorf, Jim Zemlin, and Dr. David A. Wheeler The Secure Developer Podcast
    2022-12-23 Interviewee, Software bills of material face long road to adoption by Elias Groll and John Hewitt Jones CyberScoop
    2022-12-17 Open Source Software Security (OpenCode '22) OpenCode '22, Technical Society of Indian Institute of Information Technology, Allahabad, India
    2022-12-15 Interviewee, Supporter spotlight: David A. Wheeler on supply chain security Reproducible Builds project
    2022-12-05..06 Speaker OpenSSF Day Japan, part of Open Source Summit Japan 2022, Yokohama, Japan
    2022-12-02 Speaker/panelist Trustworthy and Secure OSS, Open Source Workshops for Computing and Sustainability, organised by the European Commission in collaboration with the Coordination and Support Action, Brussels, Belgium
    2022-11-16 Speaker (video recording) (announcement) TechStrong DevOps Experience 2022 (agenda)
    2022-11-16 OpenSSF Expands Supply Chain Integrity Efforts with S2C2F OpenSSF Blog
    2022-11-08..11 Participant Linux Foundation Member Summit / OpenSSF Governing Board Meeting
    2022-11-07 Open Source Security Foundation (OpenSSF) Best Practices Working Group (WG) (recorded) OpenSSF China Summit
    2022-11-03 "Linux Foundation & Open Source Security Foundation Input to Cybersecurity RFI from the OCND" (Co-author) Response to the US Office of the National Cyber Director Requests Your Insight and Expertise on Cyber Workforce, Training, and Education RFI
    2021-10-31 "For More Secure Code, Cybersecurity Needs to Shift Left" by David A. Wheeler National Initiative for Cybersecurity Education (NICE) Fall 2022 Quarterly eNewsletter
    2022-10-19..20 Speaker Workshop, Stockholm, Sweden. This was a "Workshop to help organizations effectively implement Open Source Program Offices (OSPOs) based on specific region needs in Europe. October's is hosted by OSPO at Ericsson and co-organized with TODO, OpenChain, SPDX, CHAOSS and OpenSSF projects."
    2022-10-14 ‘We don’t teach developers how to write secure software’ – Linux Foundation’s David A Wheeler on reversing the CVE surge (interview of me by Adam Bannister) The Daily Swig
    2022-10-11 Securing Open Source Software is Securing Critical Infrastructure (author) OpenSSF Blog
    2022-10-06 Security and Open Source Software Telefonica Meetup
    2022-09-28..29 Speaker, Open Source Software is Critical Infrastructure (pictures: 1, 2) 2022 Critical Infrastructure Security Summit, American Institute of Architects HQ, Washington, DC
    2022-09-27 The United States Securing Open Source Software Act: What You Need to Know (Act summary) (Co-author) OpenSSF Blog
    2022-09-21..22 Securing the software that matters Open Mainframe Summit 2022, Philadelphia, PA (presentations)
    2022-09-19 Open-Source Community (presenter/panelist) NCCOE DevOps Workshop (agenda and bios) by NIST
    2022-09-13 "A Proposal to Operationalize Component Identification for Vulnerability Management" (co-author) SBOM Forum (OWASP, Linux Foundation, and many others)
    2022-09-05 "OpenSSF Launches npm Best Practices" (quoted) OpenSourceForU
    2022-08-24..25 Steering Committee and panelist in "Behavioral & Economic Incentives to Secure the OSS Ecosystem" panel Open-Source Software Security Initiative Workshop, initiated by the White House Office of Management and Budget (OMB), the National Science Foundation (NSF), and the National Institute of Standards and Technology (NIST) (Summary in Recommendations from the Workshop on Open-source Software Security Initiative by Angelos D. Keromytis, Georgia Institute of Technology)
    2022-08-19 Capital One And Akamai Joins The Open Source Security Group by Laveesh Kocher (quoted)
    2022-08-18 Don’t leave open source open to vulnerabilities (quoted) VentureBeat
    2022-08-18 “We have an endemic problem” OpenSSF director warns over secure development (quoted) The Stack
    2022-08-17 Capital One, Akamai among 13 organizations added to open source security group (quoted) SC Magazine
    2022-08-15 How to get involved in OpenSSF Working Groups and Projects OpenSSF Town Hall
    2022-08-12 The missing ingredient in software security: grassroots education TEISS newsletter. Quote: "I was recently asked, “what’s the role of grassroots education in developing secure software and securing software supply chains?” My answer is “none, because we lack grass.” ... Relatively few software developers know how to develop secure software, or how to secure their software supply chains." Access is no cost but registration is required.
    2022-08-15 Open Source Security Foundation - David A. Wheeler, Linux Foundation; Interview with Alan Shimel TechStrong TV
    2022-08-02 Let's talk Open Source Supply Chain with David A. Wheeler, Linux Foundation In the Nic of Time with Nic Chaillan, former U.S. Air Force and Space Force Chief Software Officer
    2022-06-23..24 Program Committee, Linux Security Summit Open Source Summit - North America, Austin, TX
    2022-06-23 David A. Wheeler, Linux Foundation | Open Source Summit NA 2022 (interview by Alan Shimel) TechStrong TV, Digital Anarchist Network
    2022-06-22 Manage Session Panel Discussion: Summing Up the Summit: OpenSSF’s May 2022 Gathering and Action Plan Open Source Summit - North America, Austin, TX
    2022-06-21..22 Program Committee, SupplyChainSecurityCon Open Source Summit - North America, Austin, TX
    2022-06-20 Education & Training for Secure Software Development & Distribution (slides) OpenSSF Day, Austin, TX (schedule, other presentations)
    2022-05-12..13 Stream 1 (Education) lead and Participant, in response to the Open Source Software Security Mobilization Plan. Images: 1, 2, 3. Open Source Software (OSS) Summit II, Linux Foundation & US White House, Washington, DC
    2022-05-12 Open Source Software Security Mobilization Plan that I co-edited and contributed to. Open Source Software (OSS) Summit II, Linux Foundation & US White House, Washington, DC
    2022-05-11 Invited Panelist Wilson Center Roundtable on Open Source, Cybersecurity, and Artificial Intelligence (AI). This was hosted through a collaboration within the Science and Technology Innovation Program. The work is funded by the Alfred P. Sloan Foundation who funds their work on the paradigms of Open Hardware and Open Science.
    2022-04-28 Introducing Package Analysis: Scanning open source packages for malicious behavior OpenSSF blog
    2022-04-21 "Secure Software Development: Discussion for the LFN" (video) (slides) Linux Foundation Networking (LFN)
    2022-04-08 Improving Open Source Software Security FOSSASIA Summit 2022 by FOSSASIA
    2022-03-02 Census II Context Linux Foundation (LF) Webinar: Census II of Open Source Software Application Libraries the World Depends On (report)
    2022-02-17 Security Measures For Critical Software Office of Information Security (OIS) Lunch and Learn (VA)
    2022-02-08 Mission:data Hearing Exhibit 300 Answer Testimony of Wheeler Rev. 1 (testimony as an expert witness, on behalf of Mission:data Coalition) Proceeding 21A-0279E, "In the matter of the application of Public Service Company of Colorado for approval to amend the certificate of public convenience and necessity for its Advanced Grid Intelligence and Security (AGIS) initiative" Colorado Dept. of Regulatory Agencies (Search for Proceeding 21A-0279E)
    2022-02-14 Securing "the" Open Source (Episode S2E6, David A. Wheeler joins) Security Unhappy Hour
    2022-02-07 Investing in Open Source Software (OSS) Security (scheduled) CERT Vendor Meeting 2022
    2022-01-13 Co-author of Linux Foundation / Open Source Security Foundation (OpenSSF) presentation and participant in workshop (US) White House Software Security Summit
    2022-01-07 log4j / Log4Shell: What are they & what can we learn? MIT CAMS (MIT's cybersecurity initiative) weekly research seminar for its community of academics and industry practitioners.
    2021-12-01 Linux Foundation: Defending the Global Software Supply Chain from Cyberattacks in 2021 (co-author) Linux Foundation Blog
    2021-11-21 (recorded 2021-11-17) Episode 298 – David A Wheeler discusses the OpenSSF Open Source Security Podcast
    2021-11-16 Panel 2: Enhancing Software and Technology Supply Chain Security NICE Symposium: A Coordinated Approach to Supply Chain Risks
    2021-11-09..10 OpenSSF CII Best Practices Badge Open Source Experience 2021, Paris, France; they're expecting 200 speakers, 70 exhibitors, and 4500 attendees
    2021-10-14 "Linux Foundation Security Executive Order (EO)" by David A. Wheeler & Kate Stewart Wind River Learning Session
    2021-10-11 (Program committee member) SupplyChainSecurityCon North America, Los Angeles, California + Virtual, hosted by Cloud Native Computing Foundation (CNCF) and the Continuous Delivery Foundation (CDF)
    2021-09-29 Keynote speaker (image) Open Source Summit + Embedded Linux Conference + OSPOCon, Seattle, Washington
    2021-09-29 .. 10-01 (Program committee member) Linux Security Summit (LSS) North America, Seattle, Washington + Virtual
    2021-09-28 Episode 262: Interview [with David A. Wheeler] Roaring elephant (podcast), recorded 2021-09-08
    2021-09-15 Panelist in Technical Requirements for Software Cybersecurity Labels NIST Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software
    2021-08-18 Supply Chain Cybersecurity (Keynote presentation) Building Cybersecurity into the Software Supply Chain Town Hall Virtual Event; see the video playlist
    2021-08-17 Cybersecurity Labeling Programs for Consumers of IoT Devices and Software Linux Foundation's response to the US NIST Workshop and Call for Papers on Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software
    2021-08-17 Quoted in BlackBerry resisted announcing major flaw in software powering cars, hospital equipment Politico (Cybersecurity area)
    2021-08-10 Funded open source security work at the Linux Foundation Linux Foundation blog (post). Quoted in "Get paid to improve Linux and open-source security" by Steven J. Vaughan-Nichols (ZDNet) and "Receive money to improve Linux security and open source software" by Team Security (Bollyinside)
    2021-08-09 Post-Approval LF Security Funding (typical LF oversight process) Linux Foundation (LF)
    2021-08-04 Open Source Software & Supply Chain Security Open Source Days, hosted by the Academy Software Foundation
    2021-07-29 Open Source Software & Supply Chain Security (David A. Wheeler and Kay Williams) Enduring Security Framework (ESF) Software Supply Chain Working Panel
    2021-07-24 (recorded) Software Bills of Material (SBOMs), Kate Stewart and David A. Wheeler The Federal Drive with Tom Temin, Federal News Network
    2021-07-20 Developing secure open source software (OSS) - recording & slides available Linux Foundation Live (Virtual) Mentoring series
    2021-06-30 Is Open Source Ready For Biden’s Executive Order For Cybersecurity? Video interview with Swapnil "Swap" Bhartiya, TFiR (recorded 2021-06-08)
    2021-06-08 Lead author of LF position papers on criteria for critical software (#1), best practices (#2), the use of critical software (#3), testing (#4), and integrity chains (#5). Linux Foundation's response to the Call for Position Papers on Standards and Guidelines for Enhancing Software Supply Chain Security (per 2021 US Executive Order on Cybersecurity)
    2021-06-02 Panel 1: Criteria for Designating Critical Software (speaker and panelist) Enhancing Software Supply Chain Security: Workshop and Call for Position Papers on Standards and Guidelines (see their Software Supply Chain: Executive Order site)
    2021-05-27 Securing the Software Supply Chain (panel) Software Delivery Leadership Forum
    2021-05-26 Software Bill of Materials and uncovering threats in the software supply chain Stuart Phillips, Interos | Kate Stewart, Linux Foundation | David A. Wheeler, Linux Foundation BrighTALK
    2021-05-20 Securing the Development & Supply Chain of Open Source Software (OSS) QCon Plus 2021, May 17-28, 2021
    2021-05-18 Critical Update: Do You Know What’s In Your Software? Nextgov (quoted in article)
    2021-05-14 How Linux Foundation (LF) communities enable security measures required by the US Executive Order on Cybersecurity Linux Foundation blog (post)
    2021-05-11 Keynote « Open Source Supply Chain Security » Cyber 4 Open Source webinar, La Securite des Logiciels Open Source (The security of open source software)
    2021-05-06 "How NOT to do research on an open source community..." by Greg Kroah-Hartman and David A. Wheeler Discussion, cited by LWN
    2021-05-04 Securing Open Source (Keynote) Cloud Native Security Day
    2021-05-03 OpenSSF Town Hall (esp. "In the News") Open Source Security (OpenSSF) Town Hall
    2021-04-27 Open Source Supply Chain Risk Management NASA’s Information Communication Technology (ICT) Supply Chain Risk Management (SCRM) Service
    2021-04-12 Fuzzing TechStrong TV Video Interview hosted by Charlene O'Hanlon with David A. Wheeler, Asra Ali, and Oliver Chang. See also Developers are buzzing on fuzzing. Recorded 2021-03-29.
    2021-04-09 (recorded) US Government & software supply chain security Nextgov, interviewed by Staff Correspondent Mariam Baksh, Government Executive Media Group
    2021-03-26 (recorded) Open Source Security with Dr. David A. Wheeler, episode 91 The Secure Developer Podcast (Guy Podjarny, Snyk) - via DevSecCon
    2021-03-25 "Why Won’t Developers Always Just Write Secure Open Source Software?" by Frank Nagle and David A. Wheeler US NITRD CSIA
    2021-03-03 "Securing Software Supply Chains" hosted by Derek Weeks, interviewing Brian Fox (Co-founder/CTO Sonatype), David A. Wheeler (Linux Foundation), and Trey Herr (Atlantic Council) Sonatype
    2021-03-03 2-4pm ET "Why Won’t Developers Always Just Write Secure Open Source Software?" by Frank Nagle and David A. Wheeler US Information Security and Privacy Advisory Board (ISPAB)
    2021-02-26 (recorded) Kim Lewandowski + David Wheeler + John Speed (panel discussion, esp. on Typosquatting, hosted by Charlene O'Hanlon) TechStrong TV
    2021-02-23 EXCLUSIVE INTERVIEW: Lessons Learned From the SolarWinds Supply Chain Hack by Jack M. Germain LinuxInsider
    2021-02-22 OpenSSF Town Hall (co-presenter) Open Source Security Foundation (OpenSSF)
    2021-02-09 David Wheeler + Kim Lewandowski + Santiago Torres-Arias (panel discussion into open source supply chain security, hosted by Charlene O'Hanlon) TechStrong TV
    2021-01-26 Episode #212: Security Requires Thinking (His Monkey, His Circus) Dave & Gunnar Show (audio podcast) (see all my visits there)
    2021-01-22 "David A. Wheeler - Security Lessons From a Rapidly Evolving Open Source Ecosystem" (audio podcast) The Balancing Act by Security Compass
    2021-01-20 Supply-Chain Security: A 10-Point Audit (by Derek Weeks and David A. Wheeler) (video live webcast) (announcement) threatpost
    2021-01-13 Preventing Supply Chain Attacks like SolarWinds Linux Foundation blog
    2020-12-16 Linux Foundation: Improving Open Source Software Security FLOSS Weekly podcast #609
    2020-12-08 Report on the 2020 FOSS Contributor Survey by Frank Nagle, David A. Wheeler, Hila Lifshitz-Assaf, Haylee Ham, and Jennifer L. Hoffman. Report from the Linux Foundation and the Laboratory for Innovation Science at Harvard. (press release)
    2020-08-06 Episode #202: Linux Foundations (interview with David A. Wheeler) Dave & Gunnar Show (audio podcast)
    2020-07-24 Managing Risks and Opportunities in Open Source with Frank Nagle & David A. Wheeler CHAOSS Podcast
    2020-04 Initial Analysis of Underhanded Source Code IDA Document D-13166
    2019-10-12 CII Best Practices Badge Update FLOSS Weekly podcast #550
    2019-09 A Partial Survey on AI Technologies Applicable to Automated Source Code Generation IDA NS D-10790
    2019-06-02 Metamath: A Computer Language for Mathematical Proofs by Norman Megill and David A. Wheeler Book, published by Lulu Press. You can get it nearly everywhere (e.g., via Amazon), but getting it directly from Lulu is cheaper.
    2019-03-20 Railroader (a security static analysis tool for Rails) FLOSS Weekly podcast #522
    2019-03-12..14 CII Best Practices Badge Project in 2019 Open Source Leadership Summit (a Linux Foundation event), Ritz Carlton Half Moon Bay, Half Moon Bay, California
    2018-12 A Sample Security Assurance Case Pattern IDA paper P-9278. Note: E. Kenneth Hong Fong was the project leader but not an author.
    2018-11-05..06 Approaches to Cyber-Resilience through Language System Design (working title) High Integrity Language Technology (HILT) International Workshop on Cyber-Security Interaction with High Integrity, Boston, Massachusetts. Organized by the Association for Computing Machinery (ACM) SigAda special interest group.
    2018-07 Securely Using Software Assurance (SwA) Tools in the Software Development Environment, David A. Wheeler and Daniel J. Reddy IDA Document P-9166. Note: E. Kenneth Hong Fong was project leader but not a co-author.
    2018-06-27 If it works, it's legacy: analysis of legacy code Sound Static Analysis for Security, NIST, Gaithersburg, MD
    2018-05-23 Open Source Software & the US Department of Defense Platform Security Summit, May 23-24, 2018, Fairfax, VA
    2018-05-01 Secure Software Education & Training: Some thoughts Software and Supply Chain Assurance (SSCA) Forum, Co-sponsored by the U.S. Department of Homeland Security (DHS), Department of Defense (DoD), National Institute of Standards and Technology (NIST), and the General Services Administration (GSA). May 1-2, 2018, MITRE, McLean, VA
    2018-03-15 Software Assurance & Software Data Rights: Starting a Discussion Software Assurance (SwA) Community of Practice (COP), MITRE, McLean, VA
    2018-01-31 Current and future DoD policies on open source software DoD Software Development and Release conference, US Army Engineer Research and Development Center, Mississippi
    2017-09-14 CII Badge Project: 1.5 years later Linux Security Summit 2017, Los Angeles, California
    2017-08 The Software Assurance State-of-the-Art Resource (SOAR) [summary] IDA NS D-8462. This is a summary. For the document see State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation 2016 including its Appendix E.
    2017-06-14 The State of Open Source Software (OSS) in the US Federal Government 2017 Open Source Summit: Succeeding with the New Federal Open Source Policy, Open Source Electronic Health Record Alliance (OSEHRA)
    2017-10-31 Core Infrastructure Initiative (CII) Open Source Software Census II Strategy by David A. Wheeler and Jason N. Dossett IDA Document D-8777. Note: at the time we determined there were at least 3.26 million significant OSS projects (the number is explained in the paper).
    2016-05-10 Episode #113: Badge of Open Source Honor Dave & Gunnar Show (audio podcast) (see all my visits there)
    2016-10-20 Open Source Software Practices & Principles for Cybersecurity Technology Transition Open Source Automotive Cybersecurity Research Tools Forum, Cambridge, MA
    2016-10-04 Linux Foundation Core Infrastructure Initiative (CII) Best Practices Badge Software and Supply Chain Assurance (SSCA) Forum, Co-sponsored by the U.S. Department of Homeland Security (DHS), Department of Defense (DoD), National Institute of Standards and Technology (NIST), and the General Services Administration (GSA). October 3-5, 2016
    2016-09-21 Linux Foundation Core Infrastructure Initiative (CII) Best Practices Badge (keynote) OW2 Conference 2016, Paris, France
    2016-11 State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation 2016 including Appendix E by David A. Wheeler and Amy E. Henninger. IDA Paper P-8005
    2016-08-09 Metamath Proof Explorer (MPE): A Modern Principia Mathematica Youtube video
    2016-06-28 Core Infrastructure Initiative (CII) Best-Practices Badge Criteria IDA NS D-8054
    2016-05-24 Best Practices Badge FLOSS Weekly podcast #389
    2016-03-31 Census and Badging Linux Foundation Collaboration Summit, Resort at Squaw Creek, Lake Tahoe, CA
    2015-10-24 Using an Open Source Software Approach for Cybersecurity Technology Transition IDA Paper P-5279
    2015-10-23 Open Source Software OpenHatch at Mason, George Mason University (GMU), Fairfax, VA. (Organized with the Mason Student-Run Computing and GMU GNU/Linux User Group). OpenHatch itself is a "non-profit dedicated to matching prospective free software contributors with communities, tools, and education".
    2015-06-30 Software SOAR Information Assurance Symposium (IAS), Washington Convention Center, Washington DC
    2015-06-23 Preventing Heartbleed and other topics Linux Foundation (LF) Core Infrastructure Initiative (CII)
    2015-06-19 Open Source Software Projects Needing Security Investments by David A. Wheeler and Samir Khakimov IDA Document D-5459 (aka "Census I")
    2015-04-22, 08:00 Countering Development Environment Attacks RSA Conference (USA 2015), San Francisco, CA (along with Dan Reddy)
    2015-02-19 Software SOAR Boeing BMA
    2014-08 Preventing Heartbleed by David A. Wheeler (article) IEEE Computer, Volume 47, Issue 8. August 2014. pp. 80-83.
    2014-06-24 Preventing Heartbleed. Content Understanding Forum: Industry's Promising Practices Institute for Defense Analyses (IDA). Note: Jeff Hawkins (founder of Numenta) also presented; there have been some amazing advances in our understanding of the brain.
    2014-06-10 David A. Wheeler on the Current State of Application Security (audio no longer available) Interview by Trusted Software Alliance
    2014-05-20 Episode #51: A Visit with the Doctor Dave & Gunnar Show (audio podcast)
    2014-02-25, 18:30-21:00 (Interview of me) "US government accelerating development and release of open source" by Mark Bohannon
    2014-02-25, 18:30-21:00 Open Source Software and Government American Society for Quality, Washington, DC and Maryland Metro section 509, Software SIG meeting, MITRE-1, 7525 Colshire Dr, McLean, VA 22102
    2013-12-18 Software (security) state-of-the-art resource (SOAR) Software and Supply Chain Assurance (SSCA) Work Group, MITRE-1, 7525 Colshire Dr, McLean, VA 22102
    2013-12-03 Software (security) state-of-the-art resource (SOAR) SINET 2013 at National Press Club, Washington, DC
    2013-11-07 Cyber Attack Attribution Techniques National Defense Industrial Association (NDIA), Cyber division meeting
    2013-11-06 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU), Ft. Belvoir, VA.
    2013-09-19 Homeland Open Security Technology (HOST). Software and Supply Chain Assurance forum (SSCA), McLean, VA; hosted by DoD and DHS. I was standing in for Daniel Massey, the HOST Program Manager.
    2013-09-17 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU) PAX River, California, MD, 20619
    2013-09-16 Open source software panel Department of Homeland Security (DHS) S+T PI Meeting
    2013-09-10 Open Source and Security Government Innovators Virtual Summit, GovLoop
    2013-09-06 Open source software and security [Electrical] Grid Open Source Software Alliance (GOSSA), National Rural Electric Cooperative Association, Arlington, VA
    2013-09-04, 1330-1415 Open source software and intellectual property (IP) management Open Source Electronic Health Record (EHR) Summit & Workshop, Bethesda, Maryland; sponsored by the Open Source Electronic Health Record Agent (OSEHRA)
    2013-09 Parallel Compilation on Virtual Machines in a Development Cloud Environment IDA Document D-4996
    2013-08-14 Keynote presentation: How to Open Source in Government Drupal4Gov 2013, Washington, DC
    2013-08-13 What is Open Security? IDA NS D-4993
    2013-08 Case Study: OpenSSL 2012 Validation IDA Document D-4991
    2013-05-22 Running Open Source Software projects Open Source Software for the Smart Grid Workshop, Houston, TX
    2013-05-09, 0900-1200 (EDT) Open source software “Open Source License Clinic” Hosted by the non-profit Open Source Initiative (OSI). Library of Congress, 101 Independence Ave SE, Madison Building, 6th Floor, Dining Room A, Washington, DC 20540.
    2013-03-04 "Open Source Software, Government, and Cyber Security" (presentation) Association for Computing Machinery (ACM), Washington, DC Chapter. 1203 19th St, 3rd Floor, Washington, DC.
    2013-01-14 Open Source Software in Government Challenges and Opportunities (and) OpenSSL 2012 FIPS 140-2 Validation #1747 Case Study DHS Industry Day 2013, Maritime Institute Conference Center, Linthicum, Maryland
    2012-10-23 Innovation panel (with Christopher Dale, Matt Micene, and Michael Tiemann) [picture] [picture] [article] Red Hat Government Symposium, Washington, DC
    2012-10-18 Security and Open Source Software Open Cybersecurity Summit, Schafer Conference Center, Washington, DC
    2012-10-17 Open Source Software and the U.S. Department of Defense Open Source Electronic Health Record Agent (OSEHRA), Gaylord Convention Center, National Harbor, Maryland
    2012-10-15..16 Navigating Laws & Regulations on OSS; OSS in Government: Challenges & Opportunities Military Open Source Software (MIL-OSS) Working Group 4 (WG4), Arlington, Virginia
    2012-09-20 Homeland Open Security Technologies (HOST): Leveraging Open Source Software in Support of National Cyber Security Objectives Software Assurance (SwA) forum (sponsored by the Department of Defense (DoD) and Department of Homeland Security (DHS)), McLean, VA
    2012-08-29 Countering Vulnerable/Obsolete Software Libraries Diminishing Manufacturing Sources and Material Shortages (DMSMS) & Standardization 2012, New Orleans, LA (Cancelled due to hurricane)
    2012-07-31 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU), Ft. Belvoir, VA.
    2012-07-17 5 Questions with David A. Wheeler by Melanie Chernoff
    2012-06-21 Releasing software or software changes developed with federal government funding - deciphering contracts/laws so you can build your community Open Source Summit 2012 (hosted by NASA, the Veteran Affairs Innovation Initiative (VAi2), and the State Department), University of Maryland, College Park, MD.
    2012-06-19 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU), Ft. Belvoir, VA.
    2012-06-07 Lessons Learned: Roadblocks and Opportunities for Open Source Software (OSS) in U.S. Government (GovLoop) GovLoop (Webinar) [FierceGovernment coverage]
    2012-05-30 OSS Licensing; Challenges and Opportunities OSSI Industry Day, JHU APL, 11100 Johns Hopkins Road, Laurel, MD (starts 7:30am)
    2012-05-16 Receipt of the "Outstanding Adjunct Faculty Award" for my work teaching the graduate course "Secure Software Design and Programming" (SWE 781/ISA 681). George Mason University (GMU) Department of Computer Science, Celebration & Awards Dinner, Fairfax, VA.
    2012-04-19 Open Source Software: U.S. Government and Security Rensselaer Polytechnic Institute (RPI), Troy, NY
    2012-04-12 The State of Open Source in the Federal IT Landscape FOSS4G North America 2012, Washington, DC
    2011-11-09..11 Keynote ApacheCon North America 2011, Vancouver, British Columbia, Canada
    2011-09-22 Security and Open Source Software Open Source Software and the Military Health System, Virginia Tech Research Center, Arlington, VA
    2011-08-30.. 2011-09-01 Open Source Software Military Open Source Software (MIL-OSS) WG3, Atlanta, GA
    2011-08-23 Open Source Software (OSS) and Total Cost of Ownership (TCO) Government Open Source Conference (GOSCON) 2011, part of Innovation Nation 2011, Washington Convention Center, Washington, DC. My talk on financial issues followed Dr. Alan Greenspan — talk about pressure! The tagline was "Shake IT up"; an earthquake halted the conference early, so I guess they really meant it.
    2011-04-06 Open Source Software and the DoD FLOSS Weekly #160, an interview of me by Randal Schwartz and Simon Phipps
    2011-03-29 Open Source Software: What is possible? NASA Open Source Summit 2011, Ames Research Center, Mountain View, CA. O'Reilly Radar posted a summary.
    2011-03-23 Open Source Software (Look at the Numbers!) Palmetto Open Source Software Conference (POSSCON) 2011, Columbia, SC
    2010-08-02..05 Open Source Software and Security MIL-OSS 2010, Washington, DC
    2010-06-26 Open Source Software CENDI, the Law Library of Congress, and the Federal Library and Information Center Committee Open Source Software and Copyright: Legal and Business Considerations for Government Use, Library of Congress, Madison Building, Washington, DC
    2010-06-15 Expert Witness on "Planning for the Future of Cyber Attack Attribution" U.S. House of Representatives, Committee on Science & Technology, Subcommittee on Technology & Innovation [transcript] [report] [picture]
    2010-04-24..26 Open Source Software and Security (includes some info on Open Proofs) [ODP] [PDF] Free/Open Source Software Technologies (FOSST), King Abdulaziz City for Science and Technology (KACST), Riyadh, Saudi Arabia
    2009-11-23 Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) Innovation Hall room 105, George Mason University (GMU), Fairfax, VA
    2009-11-05 Open Source Software. GOSCON, Ronald Reagan Building and International Trade Center, Washington, DC.
    2009-08-12..13 Open Source Software panel discussion, open proofs Mil-OSS, Atlanta, GA.
    2009-06-18 Open Source Software panel discussion NRO CTO conference (panel discussion along with Dan Risacher (DoD), Michael Tiemann (Red Hat), and John Scott)
    2008-09-24 Software Assurance and Open Source Software FASTER group, National Coordination Office (NCO) for Networking and Information Technology Research and Development (NITRD). NCO/NITRD is the primary mechanism by which the U.S. Government coordinates its unclassified networking and information technology (IT) research and development (R&D) investments.
    2008-08-08 Open Proofs Defense BarCamp
    2008-06-12 Securing Open Source Software [ODP] OWASP (Northern Virginia), Herndon, VA
    2008-05-07 Securing Open Source Software 8th Semi-Annual Software Assurance Forum, May 6-8, 2008, Sheraton Premiere, Tyson's Corner in Vienna, Virginia.
    2008-02-11 Open Source Software and the DoD Data & Analysis Center for Software (DACS) series. "Open source software (OSS) has become widespread, but there are many misconceptions about it - resulting in numerous missed opportunities. This presentation will clarify what OSS is (and isn't), rebut common misunderstandings about OSS, discuss the relationship of OSS and security, discuss how to find and evaluate OSS, and explain OSS licensing (including how to combine products and select a license). It will show why nearly all extant OSS is COTS software, and thus why it's illegal (as well as foolish) to ignore OSS options."
    2007-12-11..12 (1) OSS Licensing and (2) Security and Open Systems / Open Source 3rd DoD Open Conference: Deployment of Open Technologies and Architectures within Military Systems
    2007-07-23 What's Ahead for OSS and DoD The Open Group, Real-time and Embedded Systems Forum, Austin, TX
    2007-03-14 Open Source Software (OSS) [for government acquisitions] [PDF] [ODF] [PPT] [OGG] [MP3] [FLAC] [As text] Open Source - Open Standards - Open Architecture: DoD Open Technology Development and Open Source Geospatial Software by the non-profit Association for Enterprise Integration (AFEI), a member of the National Defense Industrial Association (NDIA) family of associations. Held at the Hyatt Hotel Crystal City, Arlington, VA. I was the only person on the panel who wasn't directly employed by the U.S. government. My presentation appears to have inspired a Navy policy memo on OSS.
    2006-12-12 FLOSS and Software Assurance / Security Towards a Transparent Acquisition Marketplace for Increased Mission Agility with Open Technology Development, sponsored by the U.S. GSA. Held at the National Science Foundation (NSF) in Rosslyn, VA. An organizer said, "Thank you for your superb presentation and contribution."
    2006-07-12 "Open Standards and Security (and OpenDocument too)" Columbia LUG. HP building, 8890 McGaw Rd Ste 100, Columbia, MD.
    2006-07-08 Free-Libre/Open Source Software (FLOSS) and Security NovaLUG. Washington Technology Park/CSC (formerly Dyncorp), 15000 Conference Center Drive, Chantilly, VA.
    2006-05-17, 19:00 "FLOSS and security." DCLUG. 2025 M Street NW, Washington DC.
    2006-04-26, 14:00 Open source software and security (plenary speaker) The Open Group's "Architecting to the Edge" conference. Hilton Crystal City, Crystal City, Arlington, VA. Allen Brown (CEO and President) wrote, "The Washington meeting was one of our best-attended conferences ever... We couldn't have made it one of our most successful events without your participation, contribution and confidence".
    2006-04-04 Open Standards and Security [ODF] [OGG] [MP3] [FLAC] LinuxWorld 2006's "Government Day" focusing on open standards, Boston, MA. See my commentary. NewsForge reported on my talk, saying: "Of all the speakers I heard, two really made me sit up and pay attention... [one was David Wheeler, who] spoke in parables to illustrate just what open standards are and why they are important for IT infrastructure security... Through this talk I began to see how base standards in hardware and software could allow vendor innovation while preventing vendor lock-in."
    2006-03-02 Countering Trusting Trust through Diverse Double-Compiling George Mason University (GMU), Fairfax, VA. (An interactive lecture about my ACSAC paper.)
    2005-12-05 Countering Trusting Trust through Diverse Double-Compiling Annual Computer Security Applications Conference (ACSAC 2005), Tucson, Arizona. I describe and discuss a new approach that counters the "uncounterable" Trusting Trust attack, including an experiment that shows it works. Lots of people noticed this paper; Bruce Schneier even has a lengthy article about my paper, saying, "This [Trusting Trust] attack has long been part of the lore of computer security, and everyone knows that there's no defense. And that makes this paper by David A. Wheeler so interesting."
    2005-10-11..12 Session Lead, Tools Open Web Application Security Project (OWASP) Application Security (AppSec) 2005 conference, NIST, Maryland
    2005-06-03 "Why Free-libre / Open Source Software? Look at the Numbers!" "6th International Free Software Forum" / Fórum Internacional Software Livre (FISL) Porto Alegre, Brazil. My travelogue of FISL 2005 in Porto Alegre, Brazil got a lot of press, including a prominent citation in Groklaw. (The paper "Why OSS/FS? Look at the Numbers!" is also available.)
    2004-10-27 "Security and Open Source Software". "Open Source Enterprise Solutions Conference" of the Tech Council of Maryland, Rockville, Maryland. My blog entry on this Tech Council of Maryland talk has more information. Interestingly, a large number of FLOSS security projects (both commercial and non-commercial) are based in Maryland.
    2004-04-07 (Interview) "How useful are 'proprietary vs. open source' TCO studies?" by Robin 'Roblimo' Miller NewsForge
    2004-03-16 "Open source software and security" Open Source in Government Conference 2004 (sponsored by the U.S. General Services Administration (GSA) and The Center of Open Source & Government of George Washington University), Washington, DC. My blog entry has more info.
    2004-03-11 "Evaluating OSS/FS Programs." At the conference "You Paid What? A Workshop On Full Cost Accounting Methodology For Information Technology Projects In The Public Sector", Ottawa, Canada.
    2004-02-03 "What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?" Web-enabled Government conference, Ronald Reagan building, Washington, DC (a repeat of the very successful LinuxWorld January 2004 panel).
    2004-01-22 "What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?" LinuxWorld, New York City's Javits center. Blog entry.
    2003-12-11 Security, Open Source, and Ada (Keynote speaker) SIGAda 2003, San Diego, CA.
    2003-02-20, 19:00 Secure Programming for Linux and Unix HOWTO University of Baltimore, Baltimore, MD.
    2002-08 "Under the Brim Interview with David A. Wheeler" by Jeremy Hogan "Under the Brim" (Red Hat's electronic magazine)
    2002-02-16 Secure Programming for Linux and Unix HOWTO Free and Open Source Software Developers' European Meeting (FOSDEM 2002) conference, Brussels, Belgium. See my FOSDEM 2002 Travelogue.
    2001-12-25 "David A. Wheeler's interview" FOSDEM 2002 interviews (these were interviews of people who were scheduled to speak at FOSDEM 2002)
    2000-02-28 Linux Security Interview with David A. Wheeler by Brittany Day

    Locations are in the United States of America (USA) unless otherwise noted.

    I've given other public presentations besides these, but haven't gotten around to listing them.

    Feel free to see my home page at