Presentations and More from David A. Wheeler

Below are some of the presentations that I plan to give or have given, in reverse chronological order. I also include some selected posts, articles, papers, and books that I wrote or where I'm quoted; I originally didn't do that, but including them turns out to be convenient. Dates are in ISO 8601 date format (YYYY-MM-DD).

Generally I talk about security / software assurance, free-libre / open source software (FLOSS or OSS/FS), open standards, software innovations, various specialized areas of computer technology, or some combination. I post many of my presentations on my website. I'm available for a few speaking engagements each year; I limit the number of trips away from the Washington, DC area, but I do travel if it's important/interesting. Contact me if you'd like me to speak at your event. You can also see more information about me and my Credly list of my digital badges/awards.

and its rationale (lead author)
Date/Time | Topic | Organization/Sponsor, Location, Notes
2024-12-07 Comments on Bad Security Practices by David A. Wheeler Request for Comment on Product Security Bad Practices Guidance
2024-12-05, 0800 PST Census III of Free and Open Software: Application Libraries Webinar (video) Linux Foundation Webinars
2024-12-04 Census III of Free and Open Software report by Frank Nagle, Kate Powell, Richie Zitomer, and David A. Wheeler. Noted in TechCrunch, Infosecurity magazine, ITPro, SearchSecurity (TechTarget), Developer Tech News, Linux Security, VMBlog.com, CISO Series, OpenSSF, prnewswire, Dark Reading, Information Security Buzz, Risky Biz News, SecurityWeek (weekly round-up article) and Beta News. Linux Foundation Research
2024-10-29 Quoted in OpenSSF updates its Developing Secure Software course with new interactive labs by Jenna Barron (there's also an OpenSSF press release). SD Times (SD stands for "Software Development")
2024-10-22, 11:30-12:10 ET Artificial Intelligence Cyber Challenge (AIxCC): Overview and Releasing Research as Open Source Software - David Wheeler & Jeff Diecks, Linux Foundation by David A. Wheeler and Jeff Diecks (video) SOSS Fusion, Atlanta, GA (all videos)
2024-10-10, 13:00-14:30 ET Panelist, "Jumpstart Your Journey: Mastering OSS Security Development with Training & Certification" (invitation) Tech Talk
2024-09-25 Open Source Security Foundation (OpenSSF): Improving OSS Security Towards a Robust and Sustainable Open-Source Software Ecosystem for Future Wireless Research and Development, Washington, DC. Organized by the Networking and Information Technology Research and Development (NITRD) National Coordination Office (NCO), (US) National Science Foundation (NSF).
2024-09 LFD121 Labs Addition - Enroll in Our Free LFD121 Course: "Developing Secure Software" OpenSSF Youtube Channel
2024-08-11 From Research to Release: Transferring AIxCC Results to Open Source Software by David A. Wheeler, Jeff Diecks, and Chris Aniszczyk (slides) DEF CON, AIxCC section
2024-07-17 Introduction to the Artificial Intelligence Cyber Challenge (AIxCC) FIRST AI Security SIG
2024-07-17 AI Cyber Challenge (AIxCC) and the Needle Linux Kernel Vulnerability – Part 2 OpenSSF Blogs
2024-07-16 "Nearly 1 in 3 software development professionals unaware of secure practices" by David Jones (quoted) Cybersecurity Dive
2024-07-10 AI Cyber Challenge (AIxCC) and the Needle Linux Kernel Vulnerability – Part 1 OpenSSF Blogs
2024-06 Secure Software Development Education 2024 Survey by Marco Gerosa, David A. Wheeler, and Stephen Hendrick. (announcement) OpenSSF and Linux Foundation
2024-06-18 Know Your Regular Expressions: Securing Input Validation Across Languages OpenSSF Blog
2024-06-18 Correctly Using Regular Expressions for Secure Input Validation! OpenSSF Guides
2024-06-06 GUAC Tech Talk: Proactive Supply Chain Security with Graph for Understanding Artifact Composition (GUAC), Moderator
2024-05-13 "Unlock the Keys to Improved Software Security" OpenSSF Blog
2024-04-17, 1:30pm PT "Linux Learning Lounge: Unlock the Keys to Improved Software Security" Open Source Summit North America 2024, Seattle, Washington
2024-04-15..19 Open Source Summit North America 2024 Program Committee, Linux Security Summit
2024-04-11 Keeping it Real (AIxCC summary video) (X) (LI) (FB) DARPAtv
2024-03-20 "OSS Supply Chain: Challenges & How the Open Source Community Can Help" presentation by David A. Wheeler SecurityWeek Virtual Supply Chain Event
2024-03-07 OpenSSF and CISA Join Forces to Secure Open Source Software by David A. Wheeler, Bennett Pursell, and Dana Wang. OpenSSF Blog
2024-02-20 Comments Submitted by OpenSSF (Facilitator) Cybersecurity and Infrastructure Security Agency (CISA) Request for Comment (RFC) on its Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software white paper
2024-02-06 Time is of the Essence to Mitigate Vulnerabilities like Leaky Vessels (Co-author) OpenSSF Blog
2024-02-02 OpenSSF Champions a More Secure Future in Collaboration with Public Sector OpenSSF Blog
2023-12-18 What’s Next in Open Source Security OpenSSF Blog
2023-12-11 OpenSSF Responds to the CISA RFC on Software Identification Ecosystem Analysis OpenSSF Blog
2023-12-05 OpenSSF details top 10 secure software development principles by Sean Michael Kerner (interview) SDxCentral
2023-11-29 Compiler Options Hardening Guide for C and C++ OpenSSF Best Practices Working Group (WG)
2023-11-29 Strengthening the Fort 🏰: OpenSSF Releases Compiler Options Hardening Guide for C and C++ OpenSSF Blog
2023-11-28 Linux Foundation (LF) Energy on Cybersecurity in Energy Infrastructure: The Value of Open Source Software OpenSSF
2023-10-23 Secure By Design: Guidance from Governments OpenSSF Blog
2023-10-18 Keynote: "Open Source Software Security" Improve: Security, part of SD Times Continuous Improvement series
2023-09-25 Keynote speaker, "Open Source Software Security" Code.LM (Lockheed Martin’s conference on software development, DevSecOps, Secure Supply Chain, and other software specific topics)
2023-09-19..21 Speaker, "Implementing the OpenSSF Best Practices Badges & Scorecards Into Your Project"; Program Committee of SupplyChainSecurityCon; Program Committee of Linux Security Summit Open Source Summit European Union (EU), Bilbao, Spain
2023-09-14 How to report vulnerabilities to LF projects and foundations (lead and primary author of LF policy). Discussion is at What You Need to Know About the Linux Foundation’s New Vulnerability Reporting Policy. Linux Foundation primary website
2023-09-12 CISA's Open Source Software Security Roadmap OpenSSF Blog.
2023-09-12 Secure Open Source Software Vision Brief 2023, lead author Open Source Security Foundation (OpenSSF)
2023-08-07 Open Source Software security F5 podcast
2023-06-14 Secure Software Design and Programming: Artificial Intelligence / Machine Learning AI/ML Security & OSS (June 14, 2023) potential WG meeting
2023-05? Developers are Taking Security Seriously (interview with David A. Wheeler) Video interview with Swapnil "Swap" Bhartiya, TFiR
2023-05-08..12 Program Committee of SupplyChainSecurityCon, Program Committee of Linux Security Summit, OpenSSF Day, Speaker at Open Source Summit Open Source Summit North America, Vancouver, Canada
2023-04-27 SLSA 1.0 is here! What’s it mean for you?, panelist with Isaac Hepworth (Google) Cloudsmith Webinar
2023-04-17 Distinguish between source and vendor OpenSSF Blog
2023-04-10 Securing Open Source Software Projects – David A. Wheeler, Open Source Security Foundation TechStrong.TV
2023-04-03 Workshop participant US Open Source Software Policy Jam, Arlington, VA
2023-03-30 Open Source Software (OSS) Supply Chain Security (slides - select part 2) C4DT Conference on Software Supply Chain Security, hosted by The Center for Digital Trust, Switzerland
2023-03-22 Panelist, Software Supply Chain Leadership Series: Come SLSA with us!
2023-03-16 How to Get Involved in OpenSSF Working Groups and Projects OpenSSF Town Hall (virtual meeting) (video)
2023-03-10 How OpenSSF Aims to Make Log4j-Like Incidents Rare by Nancy Liu (interviewee) sdxcentral
2023-02-28 "DevOps, Security, and Open Source Software" presentation (sizzle video) The Big Fix (Livestream)
2023-02-22 Co-lead Virtual Maintainer Summit for Critical OSS Projects
2023-02-22 "Open Source Software Security" Linux Foundation (LF) Edge TAC meeting
2023-02-15 "Software Supply Chain Security - Key Terms, Players, and Projects You Need to Know About - Part 2" (The Secure Developer Episode 127) with Guy Podjarny, Simon Maple, Lena Smart, Emily Fox, Aeva Black, Brian Behlendorf, Jim Zemlin, and Dr. David A. Wheeler The Secure Developer Podcast
2022-12-23 Interviewee, Software bills of material face long road to adoption by Elias Groll and John Hewitt Jones CyberScoop
2022-12-17 Open Source Software Security (OpenCode '22) OpenCode '22, Technical Society of Indian Institute of Information Technology, Allahabad, India
2022-12-15 Interviewee, Supporter spotlight: David A. Wheeler on supply chain security Reproducible Builds project
2022-12-05..06 Speaker OpenSSF Day Japan, part of Open Source Summit Japan 2022, Yokohama, Japan
2022-12-02 Speaker/panelist Trustworthy and Secure OSS, Open Source Workshops for Computing and Sustainability, organised by the European Commission in collaboration with the SWForum.eu Coordination and Support Action, Brussels, Belgium
2022-11-16 Speaker (video recording) (announcement) TechStrong DevOps Experience 2022 (agenda)
2022-11-16 OpenSSF Expands Supply Chain Integrity Efforts with S2C2F OpenSSF Blog
2022-11-08..11 Participant Linux Foundation Member Summit / OpenSSF Governing Board Meeting
2022-11-07 Open Source Security Foundation (OpenSSF) Best Practices Working Group (WG) (recorded) OpenSSF China Summit
2022-11-03 "Linux Foundation & Open Source Security Foundation Input to Cybersecurity RFI from the OCND" (Co-author) Response to the US Office of the National Cyber Director Requests Your Insight and Expertise on Cyber Workforce, Training, and Education RFI
2021-10-31 "For More Secure Code, Cybersecurity Needs to Shift Left" by David A. Wheeler National Initiative for Cybersecurity Education (NICE) Fall 2022 Quarterly eNewsletter
2022-10-19..20 Speaker OSPOlogy.live Workshop, Stockholm, Sweden. This was a "Workshop to help organizations effectively implement Open Source Program Offices (OSPOs) based on specific region needs in Europe. October's Ospology.live is hosted by OSPO at Ericsson and co-organized with TODO, OpenChain, SPDX, CHAOSS and OpenSSF projects."
2022-10-14 ‘We don’t teach developers how to write secure software’ – Linux Foundation’s David A Wheeler on reversing the CVE surge (interview of me by Adam Bannister) The Daily Swig
2022-10-11 Securing Open Source Software is Securing Critical Infrastructure (author) OpenSSF Blog
2022-10-06 Security and Open Source Software Telefonica Meetup
2022-09-28..29 Speaker, Open Source Software is Critical Infrastructure pictures: 1 2 2022 Critical Infrastructure Security Summit, American Institute of Architects HQ, Washington, DC
2022-09-27 The United States Securing Open Source Software Act: What You Need to Know (Act summary) (Co-author) OpenSSF Blog
2022-09-21..22 Securing the software that matters Open Mainframe Summit 2022, Philadelphia, PA (presentations)
2022-09-19 Open-Source Community (presenter/panelist) NCCOE DevOps Workshop (agenda and bios) by NIST
2022-09-13 "A Proposal to Operationalize Component Identification for Vulnerability Management" (co-author) SBOM Forum (OWASP, Linux Foundation, and many others)
2022-09-05 "OpenSSF Launches npm Best Practices" (quoted) OpenSourceForU
2022-08-24..25 Steering Committee and panelist in "Behavioral & Economic Incentives to Secure the OSS Ecosystem" panel Open-Source Software Security Initiative Workshop, initiated by the White House Office of Management and Budget (OMB), the National Science Foundation (NSF), and the National Institute of Standards and Technology (NIST) (Summary in Recommendations from the Workshop on Open-source Software Security Initiative by Angelos D. Keromytis, Georgia Institute of Technology)
2022-08-19 Capital One And Akamai Joins The Open Source Security Group by Laveesh Kocher (quoted) OpenSourceforU.com
2022-08-18 Don’t leave open source open to vulnerabilities (quoted) VentureBeat
2022-08-18 “We have an endemic problem” OpenSSF director warns over secure development (quoted) The Stack
2022-08-17 Capital One, Akamai among 13 organizations added to open source security group (quoted) SC Magazine
2022-08-15 How to get involved in OpenSSF Working Groups and Projects OpenSSF Town Hall
2022-08-12 The missing ingredient in software security: grassroots education TEISS newsletter. Quote: "I was recently asked, “what’s the role of grassroots education in developing secure software and securing software supply chains?” My answer is “none, because we lack grass.” ... Relatively few software developers know how to develop secure software, or how to secure their software supply chains." Access is no cost but registration is required.
2022-08-15 Open Source Security Foundation - David A. Wheeler, Linux Foundation; Interview with Alan Shimel TechStrong TV
2022-08-02 Let's talk Open Source Supply Chain with David A. Wheeler, Linux Foundation In the Nic of Time with Nic Chaillan, former U.S. Air Force and Space Force Chief Software Officer
2022-06-23..24 Program Committee, Linux Security Summit Open Source Summit - North America, Austin, TX
2022-06-23 David A. Wheeler, Linux Foundation | Open Source Summit NA 2022 (interview by Alan Shimel) TechStrong TV, Digital Anarchist Network
2022-06-22 Manage Session Panel Discussion: Summing Up the Summit: OpenSSF’s May 2022 Gathering and Action Plan Open Source Summit - North America, Austin, TX
2022-06-21..22 Program Committee, SupplyChainSecurityCon Open Source Summit - North America, Austin, TX
2022-06-20 Education & Training for Secure Software Development & Distribution (slides) OpenSSF Day, Austin, TX (schedule, other presentations)
2022-05-12..13 Stream 1 (Education) lead and Participant, in response to the Open Source Software Security Mobilization Plan. Images: 1, 2, 3. Open Source Software (OSS) Summit II, Linux Foundation & US White House, Washington, DC
2022-05-12 Open Source Software Security Mobilization Plan that I co-edited and contributed to. Open Source Software (OSS) Summit II, Linux Foundation & US White House, Washington, DC
2022-05-11 Invited Panelist Wilson Center Roundtable on Open Source, Cybersecurity, and Artificial Intelligence (AI). This was hosted through a collaboration within the Science and Technology Innovation Program. The work is funded by the Alfred P. Sloan Foundation who funds their work on the paradigms of Open Hardware and Open Science.
2022-04-28 Introducing Package Analysis: Scanning open source packages for malicious behavior OpenSSF blog
2022-04-21 "Secure Software Development: Discussion for the LFN" (video) (slides) Linux Foundation Networking (LFN)
2022-04-08 Improving Open Source Software Security FOSSASIA Summit 2022 by FOSSASIA
2022-03-02 Census II Context Linux Foundation (LF) Webinar: Census II of Open Source Software Application Libraries the World Depends On (report)
2022-02-17 Security Measures For Critical Software Office of Information Security (OIS) Lunch and Learn (VA)
2022-02-08 Mission:data Hearing Exhibit 300 Answer Testimony of Wheeler Rev. 1 (testimony as an expert witness, on behalf of Mission:data Coalition) Proceeding 21A-0279E, "In the matter of the application of Public Service Company of Colorado for approval to amend the certificate of public convenience and necessity for its Advanced Grid Intelligence and Security (AGIS) initiative" Colorado Dept. of Regulatory Agencies (Search for Proceeding 21A-0279E)
2022-02-14 Securing "the" Open Source (Episode S2E6, David A. Wheeler joins) Security Unhappy Hour
2022-02-07 Investing in Open Source Software (OSS) Security (scheduled) CERT Vendor Meeting 2022
2022-01-13 Co-author of Linux Foundation / Open Source Security Foundation (OpenSSF) presentation and participant in workshop (US) White House Software Security Summit
2022-01-07 log4j / Log4Shell: What are they & what can we learn? MIT CAMS (MIT's cybersecurity initiative) weekly research seminar for its community of academics and industry practitioners.
2021-12-01 Linux Foundation: Defending the Global Software Supply Chain from Cyberattacks in 2021 (co-author) Linux Foundation Blog
2021-11-21 (recorded 2021-11-17) Episode 298 – David A Wheeler discusses the OpenSSF Open Source Security Podcast
2021-11-16 Panel 2: Enhancing Software and Technology Supply Chain Security NICE Symposium: A Coordinated Approach to Supply Chain Risks
2021-11-09..10 OpenSSF CII Best Practices Badge Open Source Experience 2021, Paris, France; they're expecting 200 speakers, 70 exhibitors, and 4500 attendees
2021-10-14 "Linux Foundation Security Executive Order (EO)" by David A. Wheeler & Kate Stewart Wind River Learning Session
2021-10-11 (Program committee member) SupplyChainSecurityCon North America, Los Angeles, California + Virtual, hosted by Cloud Native Computing Foundation (CNCF) and the Continuous Delivery Foundation (CDF)
2021-09-29 Keynote speaker (image) Open Source Summit + Embedded Linux Conference + OSPOCon, Seattle, Washington
2021-09-29 .. 10-01 (Program committee member) Linux Security Summit (LSS) North America, Seattle, Washington + Virtual
2021-09-28 Episode 262: Interview [with David A. Wheeler] Roaring elephant (podcast), recorded 2021-09-08
2021-09-15 Panelist in Technical Requirements for Software Cybersecurity Labels NIST Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software
2021-08-18 Supply Chain Cybersecurity (Keynote presentation) Building Cybersecurity into the Software Supply Chain Town Hall Virtual Event; see the video playlist
2021-08-17 Cybersecurity Labeling Programs for Consumers of IoT Devices and Software Linux Foundation's response to the US NIST Workshop and Call for Papers on Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software
2021-08-17 Quoted in BlackBerry resisted announcing major flaw in software powering cars, hospital equipment Politico (Cybersecurity area)
2021-08-10 Funded open source security work at the Linux Foundation Linux Foundation blog (post). Quoted in "Get paid to improve Linux and open-source security" by Steven J. Vaughan-Nichols (ZDNet) and "Receive money to improve Linux security and open source software" by Team Security (Bollyinside)
2021-08-09 Post-Approval LF Security Funding (typical LF oversight process) Linux Foundation (LF)
2021-08-04 Open Source Software & Supply Chain Security Open Source Days, hosted by the Academy Software Foundation
2021-07-29 Open Source Software & Supply Chain Security (David A. Wheeler and Kay Williams) Enduring Security Framework (ESF) Software Supply Chain Working Panel
2021-07-24 (recorded) Software Bills of Material (SBOMs), Kate Stewart and David A. Wheeler The Federal Drive with Tom Temin, Federal News Network
2021-07-20 Developing secure open source software (OSS) - recording & slides available Linux Foundation Live (Virtual) Mentoring series
2021-06-30 Is Open Source Ready For Biden’s Executive Order For Cybersecurity? Video interview with Swapnil "Swap" Bhartiya, TFiR (recorded 2021-06-08)
2021-06-08 Lead author of LF position papers on criteria for critical software (#1), best practices (#2), the use of critical software (#3), testing (#4), and integrity chains (#5). Linux Foundation's response to the Call for Position Papers on Standards and Guidelines for Enhancing Software Supply Chain Security (per 2021 US Executive Order on Cybersecurity)
2021-06-02 Panel 1: Criteria for Designating Critical Software (speaker and panelist) Enhancing Software Supply Chain Security: Workshop and Call for Position Papers on Standards and Guidelines (see their Software Supply Chain: Executive Order site)
2021-05-27 Securing the Software Supply Chain (panel) Software Delivery Leadership Forum
2021-05-26 Software Bill of Materials and uncovering threats in the software supply chain Stuart Phillips, Interos | Kate Stewart, Linux Foundation | David A. Wheeler, Linux Foundation BrighTALK
2021-05-20 Securing the Development & Supply Chain of Open Source Software (OSS) QCon Plus 2021, May 17-28, 2021
2021-05-18 Critical Update: Do You Know What’s In Your Software? Nextgov (quoted in article)
2021-05-14 How Linux Foundation (LF) communities enable security measures required by the US Executive Order on Cybersecurity Linux Foundation blog (post)
2021-05-11 Keynote « Open Source Supply Chain Security » Cyber 4 Open Source webinar, La Securite des Logiciels Open Source (The security of open source software)
2021-05-06 "How NOT to do research on an open source community..." by Greg Kroah-Hartman and David A. Wheeler Discussion, cited by LWN
2021-05-04 Securing Open Source (Keynote) Cloud Native Security Day
2021-05-03 OpenSSF Town Hall (esp. "In the News") Open Source Security (OpenSSF) Town Hall
2021-04-27 Open Source Supply Chain Risk Management NASA’s Information Communication Technology (ICT) Supply Chain Risk Management (SCRM) Service
2021-04-12 Fuzzing TechStrong TV Video Interview hosted by Charlene O'Hanlon with David A. Wheeler, Asra Ali, and Oliver Chang. See also Developers are buzzing on fuzzing. Recorded 2021-03-29.
2021-04-09 (recorded) US Government & software supply chain security Nextgov, interviewed by Staff Correspondent Mariam Baksh, Government Executive Media Group
2021-03-26 (recorded) Open Source Security with Dr. David A. Wheeler, episode 91 The Secure Developer Podcast (Guy Podjarny, Snyk) - via DevSecCon
2021-03-25 "Why Won’t Developers Always Just Write Secure Open Source Software?" by Frank Nagle and David A. Wheeler US NITRD CSIA
2021-03-03 "Securing Software Supply Chains" hosted by Derek Weeks, interviewing Brian Fox (Co-founder/CTO Sonatype), David A. Wheeler (Linux Foundation), and Trey Herr (Atlantic Council) Sonatype
2021-03-03 2-4pm ET "Why Won’t Developers Always Just Write Secure Open Source Software?" by Frank Nagle and David A. Wheeler US Information Security and Privacy Advisory Board (ISPAB)
2021-02-26 (recorded) Kim Lewandowski + David Wheeler + John Speed (panel discussion, esp. on Typosquatting, hosted by Charlene O'Hanlon) TechStrong TV
2021-02-23 EXCLUSIVE INTERVIEW: Lessons Learned From the SolarWinds Supply Chain Hack by Jack M. Germain LinuxInsider
2021-02-22 OpenSSF Town Hall (co-presenter) Open Source Security Foundation (OpenSSF)
2021-02-09 David Wheeler + Kim Lewandowski + Santiago Torres-Arias (panel discussion into open source supply chain security, hosted by Charlene O'Hanlon) TechStrong TV
2021-01-26 Episode #212: Security Requires Thinking (His Monkey, His Circus) Dave & Gunnar Show (audio podcast) (see all my visits there)
2021-01-22 "David A. Wheeler - Security Lessons From a Rapidly Evolving Open Source Ecosystem" (audio podcast) The Balancing Act by Security Compass
2021-01-20 Supply-Chain Security: A 10-Point Audit (by Derek Weeks and David A. Wheeler) (video live webcast) (announcement) threatpost
2021-01-13 Preventing Supply Chain Attacks like SolarWinds Linux Foundation blog
2020-12-16 Linux Foundation: Improving Open Source Software Security FLOSS Weekly podcast #609
2020-12-08 Report on the 2020 FOSS Contributor Survey by Frank Nagle, David A. Wheeler, Hila Lifshitz-Assaf, Haylee Ham, and Jennifer L. Hoffman. Report from the Linux Foundation and the Laboratory for Innovation Science at Harvard. (press release)
2020-08-06 Episode #202: Linux Foundations (interview with David A. Wheeler) Dave & Gunnar Show (audio podcast)
2020-07-24 Managing Risks and Opportunities in Open Source with Frank Nagle & David A. Wheeler CHAOSS Podcast
2020-04 Initial Analysis of Underhanded Source Code IDA Document D-13166
2019-10-12 CII Best Practices Badge Update FLOSS Weekly podcast #550
2019-09 A Partial Survey on AI Technologies Applicable to Automated Source Code Generation IDA NS D-10790
2019-06-02 Metamath: A Computer Language for Mathematical Proofs by Norman Megill and David A. Wheeler Book, published by Lulu Press. You can get it nearly everywhere (e.g., via Amazon), but getting it directly from Lulu is cheaper.
2019-03-20 Railroader (a security static analysis tool for Rails) FLOSS Weekly podcast #522
2019-03-12..14 CII Best Practices Badge Project in 2019 Open Source Leadership Summit (a Linux Foundation event), Ritz Carlton Half Moon Bay, Half Moon Bay, California
2018-12 A Sample Security Assurance Case Pattern IDA paper P-9278. Note: E. Kenneth Hong Fong was the project leader but not an author.
2018-11-05..06 Approaches to Cyber-Resilience through Language System Design (working title) High Integrity Language Technology (HILT) International Workshop on Cyber-Security Interaction with High Integrity, Boston, Massachusetts. Organized by the Association for Computing Machinery (ACM) SigAda special interest group.
2018-07 Securely Using Software Assurance (SwA) Tools in the Software Development Environment, David A. Wheeler and Daniel J. Reddy IDA Document P-9166. Note: E. Kenneth Hong Fong was project leader but not a co-author.
2018-06-27 If it works, it's legacy: analysis of legacy code Sound Static Analysis for Security, NIST, Gaithersburg, MD
2018-05-23 Open Source Software & the US Department of Defense Platform Security Summit, May 23-24, 2018, Fairfax, VA
2018-05-01 Secure Software Education & Training: Some thoughts Software and Supply Chain Assurance (SSCA) Forum, Co-sponsored by the U.S. Department of Homeland Security (DHS), Department of Defense (DoD), National Institute of Standards and Technology (NIST), and the General Services Administration (GSA). May 1-2, 2018, MITRE, McLean, VA
2018-03-15 Software Assurance & Software Data Rights: Starting a Discussion Software Assurance (SwA) Community of Practice (COP), MITRE, McLean, VA
2018-01-31 Current and future DoD policies on open source software DoD Software Development and Release conference, US Army Engineer Research and Development Center, Mississippi
2017-09-14 CII Badge Project: 1.5 years later Linux Security Summit 2017, Los Angeles, California
2017-08 The Software Assurance State-of-the-Art Resource (SOAR) [summary] IDA NS D-8462. This is a summary. For the document see State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation 2016 including its Appendix E.
2017-06-14 The State of Open Source Software (OSS) in the US Federal Government 2017 Open Source Summit: Succeeding with the New Federal Open Source Policy, Open Source Electronic Health Record Alliance (OSEHRA)
2017-10-31 Core Infrastructure Initiative (CII) Open Source Software Census II Strategy by David A. Wheeler and Jason N. Dossett IDA Document D-8777. Note: at the time we determined there were at least 3.26 million significant OSS projects (the number is explained in the paper).
2016-05-10 Episode #113: Badge of Open Source Honor Dave & Gunnar Show (audio podcast) (see all my visits there)
2016-10-20 Open Source Software Practices & Principles for Cybersecurity Technology Transition Open Source Automotive Cybersecurity Research Tools Forum, Cambridge, MA
2016-10-04 Linux Foundation Core Infrastructure Initiative (CII) Best Practices Badge Software and Supply Chain Assurance (SSCA) Forum, Co-sponsored by the U.S. Department of Homeland Security (DHS), Department of Defense (DoD), National Institute of Standards and Technology (NIST), and the General Services Administration (GSA). October 3-5, 2016
2016-09-21 Linux Foundation Core Infrastructure Initiative (CII) Best Practices Badge (keynote) OW2 Conference 2016, Paris, France
2016-11 State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation 2016 including Appendix E by David A. Wheeler and Amy E. Henninger. IDA Paper P-8005
2016-08-09 Metamath Proof Explorer (MPE): A Modern Principia Mathematica Youtube video
2016-06-28 Core Infrastructure Initiative (CII) Best-Practices Badge Criteria IDA NS D-8054
2016-05-24 Best Practices Badge FLOSS Weekly podcast #389
2016-03-31 Census and Badging Linux Foundation Collaboration Summit, Resort at Squaw Creek, Lake Tahoe, CA
2015-10-24 Using an Open Source Software Approach for Cybersecurity Technology Transition IDA Paper P-5279
2015-10-23 Open Source Software OpenHatch at Mason, George Mason University (GMU), Fairfax, VA. (Organized with the Mason Student-Run Computing and GMU GNU/Linux User Group). OpenHatch itself is a "non-profit dedicated to matching prospective free software contributors with communities, tools, and education".
2015-06-30 Software SOAR Information Assurance Symposium (IAS), Washington Convention Center, Washington DC
2015-06-23 Preventing Heartbleed and other topics Linux Foundation (LF) Core Infrastructure Initiative (CII)
2015-06-19 Open Source Software Projects Needing Security Investments by David A. Wheeler and Samir Khakimov (alternate location) (OpenSSF landing page with link to Census I) IDA Document D-5459 (aka "Census I")
2015-04-22, 08:00 Countering Development Environment Attacks RSA Conference (USA 2015), San Francisco, CA (along with Dan Reddy)
2015-02-19 Software SOAR Boeing BMA
2014-08-13 Heartbleed 101 by Marco Carvalho, Jared DeMott, Richard Ford, and David A. Wheeler. IEEE Security & Privacy, Volume 12, Issue 4, 2014-08-13, pp. 63-67, ISSN DOI 10.1109/MSP.2014.66.
2014-08 Preventing Heartbleed by David A. Wheeler (article) IEEE Computer, Volume 47, Issue 8. August 2014. pp. 80-83.
2014-06-24 Preventing Heartbleed. Content Understanding Forum: Industry's Promising Practices Institute for Defense Analyses (IDA). Note: Jeff Hawkins (founder of Numenta) also presented; there have been some amazing advances in our understanding of the brain.
2014-06-10 David A. Wheeler on the Current State of Application Security (audio no longer available) Interview by Trusted Software Alliance
2014-05-20 Episode #51: A Visit with the Doctor Dave & Gunnar Show (audio podcast)
2014-02-25, 18:30-21:00 (Interview of me) "US government accelerating development and release of open source" by Mark Bohannon Opensource.com
2014-02-25, 18:30-21:00 Open Source Software and Government American Society for Quality, Washington, DC and Maryland Metro section 509, Software SIG meeting, MITRE-1, 7525 Colshire Dr, McLean, VA 22102
2013-12-18 Software (security) state-of-the-art resource (SOAR) Software and Supply Chain Assurance (SSCA) Work Group, MITRE-1, 7525 Colshire Dr, McLean, VA 22102
2013-12-03 Software (security) state-of-the-art resource (SOAR) SINET 2013 at National Press Club, Washington, DC
2013-11-07 Cyber Attack Attribution Techniques National Defense Industrial Association (NDIA), Cyber division meeting
2013-11-06 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU), Ft. Belvoir, VA.
2013-09-19 Homeland Open Security Technology (HOST). Software and Supply Chain Assurance forum (SSCA), McLean, VA; hosted by DoD and DHS. I was standing in for Daniel Massey, the HOST Program Manager.
2013-09-17 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU) PAX River, California, MD, 20619
2013-09-16 Open source software panel Department of Homeland Security (DHS) S+T PI Meeting
2013-09-10 Open Source and Security Government Innovators Virtual Summit, GovLoop
2013-09-06 Open source software and security [Electrical] Grid Open Source Software Alliance (GOSSA), National Rural Electric Cooperative Association, Arlington, VA
2013-09-04, 1330-1415 Open source software and intellectual property (IP) management Open Source Electronic Health Record (EHR) Summit & Workshop, Bethesda, Maryland; sponsored by the Open Source Electronic Health Record Agent (OSEHRA)
2013-09 Parallel Compilation on Virtual Machines in a Development Cloud Environment IDA Document D-4996
2013-08-14 Keynote presentation: How to Open Source in Government Drupal4Gov 2013, Washington, DC
2013-08-13 What is Open Security? IDA NS D-4993
2013-08 Case Study: OpenSSL 2012 Validation IDA Document D-4991
2013-05-22 Running Open Source Software projects Open Source Software for the Smart Grid Workshop, Houston, TX
2013-05-09, 0900-1200 (EDT) Open source software “Open Source License Clinic” Hosted by the non-profit Open Source Initiative (OSI). Library of Congress, 101 Independence Ave SE, Madison Building, 6th Floor, Dining Room A, Washington, DC 20540.
2013-03-04 "Open Source Software, Government, and Cyber Security" (presentation) Association for Computing Machinery (ACM), Washington, DC Chapter. 1203 19th St, 3rd Floor, Washington, DC.
2013-01-14 Open Source Software in Government Challenges and Opportunities (and) OpenSSL 2012 FIPS 140-2 Validation #1747 Case Study DHS Industry Day 2013, Maritime Institute Conference Center, Linthicum, Maryland
2012-10-23 Innovation panel (with Christopher Dale, Matt Micene, and Michael Tiemann) [picture] [picture] [article] Red Hat Government Symposium, Washington, DC
2012-10-18 Security and Open Source Software Open Cybersecurity Summit, Schafer Conference Center, Washington, DC
2012-10-17 Open Source Software and the U.S. Department of Defense Open Source Electronic Health Record Agent (OSEHRA), Gaylord Convention Center, National Harbor, Maryland
2012-10-15..16 Navigating Laws & Regulations on OSS; OSS in Government: Challenges & Opportunities Military Open Source Software (MIL-OSS) Working Group 4 (WG4), Arlington, Virginia
2012-09-20 Homeland Open Security Technologies (HOST): Leveraging Open Source Software in Support of National Cyber Security Objectives Software Assurance (SwA) forum (sponsored by the Department of Defense (DoD) and Department of Homeland Security (DHS)), McLean, VA
2012-08-29 Countering Vulnerable/Obsolete Software Libraries Diminishing Manufacturing Sources and Material Shortages (DMSMS) & Standardization 2012, New Orleans, LA (Cancelled due to hurricane)
2012-07-31 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU), Ft. Belvoir, VA.
2012-07-17 5 Questions with David A. Wheeler by Melanie Chernoff Opensource.com
2012-06-21 Releasing software or software changes developed with federal government funding - deciphering contracts/laws so you can build your community Open Source Summit 2012 (hosted by NASA, the Veteran Affairs Innovation Initiative (VAi2), and the State Department), University of Maryland, College Park, MD.
2012-06-19 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU), Ft. Belvoir, VA.
2012-06-07 Lessons Learned: Roadblocks and Opportunities for Open Source Software (OSS) in U.S. Government (GovLoop) GovLoop (Webinar) [FierceGovernment coverage]
2012-05-30 OSS Licensing; Challenges and Opportunities OSSI Industry Day, JHU APL, 11100 Johns Hopkins Road, Laurel, MD (starts 7:30am)
2012-05-16 Receipt of the "Outstanding Adjunct Faculty Award" for my work teaching the graduate course "Secure Software Design and Programming" (SWE 781/ISA 681). George Mason University (GMU) Department of Computer Science, Celebration & Awards Dinner, Fairfax, VA.
2012-04-19 Open Source Software: U.S. Government and Security Rensselaer Polytechnic Institute (RPI), Troy, NY
2012-04-12 The State of Open Source in the Federal IT Landscape FOSS4G North America 2012, Washington, DC
2011-11-09..11 Keynote ApacheCon North America 2011, Vancouver, British Columbia, Canada
2011-09-22 Security and Open Source Software Open Source Software and the Military Health System, Virginia Tech Research Center, Arlington, VA
2011-08-30.. 2011-09-01 Open Source Software Military Open Source Software (MIL-OSS) WG3, Atlanta, GA
2011-08-23 Open Source Software (OSS) and Total Cost of Ownership (TCO) Government Open Source Conference (GOSCON) 2011, part of Innovation Nation 2011, Washington Convention Center, Washington, DC. My talk on financial issues followed Dr. Alan Greenspan — talk about pressure! The tagline was "Shake IT up"; an earthquake halted the conference early, so I guess they really meant it.
2011-04-06 Open Source Software and the DoD FLOSS Weekly #160, an interview of me by Randal Schwartz and Simon Phipps
2011-03-29 Open Source Software: What is possible? NASA Open Source Summit 2011, Ames Research Center, Mountain View, CA. O'Reilly Radar posted a summary.
2011-03-23 Open Source Software (Look at the Numbers!) Palmetto Open Source Software Conference (POSSCON) 2011, Columbia, SC
2010-08-02..05 Open Source Software and Security MIL-OSS 2010, Washington, DC
2010-06-26 Open Source Software CENDI, the Law Library of Congress, and the Federal Library and Information Center Committee Open Source Software and Copyright: Legal and Business Considerations for Government Use, Library of Congress, Madison Building, Washington, DC
2010-06-15 Expert Witness on "Planning for the Future of Cyber Attack Attribution" U.S. House of Representatives, Committee on Science & Technology, Subcommittee on Technology & Innovation [transcript] [report] [picture]
2010-04-24..26 Open Source Software and Security (includes some info on Open Proofs) [ODP] [PDF] Free/Open Source Software Technologies (FOSST), King Abdulaziz City for Science and Technology (KACST), Riyadh, Saudi Arabia
2009-11-23 Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) Innovation Hall room 105, George Mason University (GMU), Fairfax, VA
2009-11-05 Open Source Software. GOSCON, Ronald Reagan Building and International Trade Center, Washington, DC.
2009-08-12..13 Open Source Software panel discussion, open proofs Mil-OSS, Atlanta, GA.
2009-06-18 Open Source Software panel discussion NRO CTO conference (panel discussion along with Dan Risacher (DoD), Michael Tiemann (Red Hat), and John Scott)
2008-09-24 Software Assurance and Open Source Software FASTER group, National Coordination Office (NCO) for Networking and Information Technology Research and Development (NITRD). NCO/NITRD is the primary mechanism by which the U.S. Government coordinates its unclassified networking and information technology (IT) research and development (R&D) investments.
2008-08-08 Open Proofs Defense BarCamp
2008-06-12 Securing Open Source Software [ODP] OWASP (Northern Virginia), Herndon, VA
2008-05-07 Securing Open Source Software 8th Semi-Annual Software Assurance Forum, May 6-8, 2008, Sheraton Premiere, Tyson's Corner in Vienna, Virginia.
2008-02-11 Open Source Software and the DoD Data & Analysis Center for Software (DACS) series. "Open source software (OSS) has become widespread, but there are many misconceptions about it - resulting in numerous missed opportunities. This presentation will clarify what OSS is (and isn't), rebut common misunderstandings about OSS, discuss the relationship of OSS and security, discuss how to find and evaluate OSS, and explain OSS licensing (including how to combine products and select a license). It will show why nearly all extant OSS is COTS software, and thus why it's illegal (as well as foolish) to ignore OSS options."
2007-12-11..12 (1) OSS Licensing and (2) Security and Open Systems / Open Source 3rd DoD Open Conference: Deployment of Open Technologies and Architectures within Military Systems
2007-07-23 What's Ahead for OSS and DoD The Open Group, Real-time and Embedded Systems Forum, Austin, TX
2007-03-14 Open Source Software (OSS) [for government acquisitions] [PDF] [ODF] [PPT] [OGG] [MP3] [FLAC] [As text] Open Source - Open Standards - Open Architecture: DoD Open Technology Development and Open Source Geospatial Software by the non-profit Association for Enterprise Integration (AFEI), a member of the National Defense Industrial Association (NDIA) family of associations. Held at the Hyatt Hotel Crystal City, Arlington, VA. I was the only person on the panel who wasn't directly employed by the U.S. government. My presentation appears to have inspired a Navy policy memo on OSS.
2006-12-12 FLOSS and Software Assurance / Security Towards a Transparent Acquisition Marketplace for Increased Mission Agility with Open Technology Development, sponsored by the U.S. GSA. Held at the National Science Foundation (NSF) in Rosslyn, VA. An organizer said, "Thank you for your superb presentation and contribution."
2006-07-12 "Open Standards and Security (and OpenDocument too)" Columbia LUG. HP building, 8890 McGaw Rd Ste 100, Columbia, MD.
2006-07-08 Free-Libre/Open Source Software (FLOSS) and Security NovaLUG. Washington Technology Park/CSC (formerly Dyncorp), 15000 Conference Center Drive, Chantilly, VA.
2006-05-17, 19:00 "FLOSS and security." DCLUG. 2025 M Street NW, Washington DC.
2006-04-26, 14:00 Open source software and security (plenary speaker) The Open Group's "Architecting to the Edge" conference. Hilton Crystal City, Crystal City, Arlington, VA. Allen Brown (CEO and President) wrote, "The Washington meeting was one of our best-attended conferences ever... We couldn't have made it one of our most successful events without your participation, contribution and confidence".
2006-04-04 Open Standards and Security [ODF] [OGG] [MP3] [FLAC] LinuxWorld 2006's "Government Day" focusing on open standards, Boston, MA. See my commentary. NewsForge reported on my talk, saying: "Of all the speakers I heard, two really made me sit up and pay attention... [one was David Wheeler, who] spoke in parables to illustrate just what open standards are and why they are important for IT infrastructure security... Through this talk I began to see how base standards in hardware and software could allow vendor innovation while preventing vendor lock-in."
2006-03-02 Countering Trusting Trust through Diverse Double-Compiling George Mason University (GMU), Fairfax, VA. (An interactive lecture about my ACSAC paper.)
2005-12-05 Countering Trusting Trust through Diverse Double-Compiling Annual Computer Security Applications Conference (ACSAC 2005), Tucson, Arizona. I describe and discuss a new approach that counters the "uncounterable" Trusting Trust attack, including an experiment that shows it works. Lots of people noticed this paper; Bruce Schneier even has a lengthy article about my paper, saying, "This [Trusting Trust] attack has long been part of the lore of computer security, and everyone knows that there's no defense. And that makes this paper by David A. Wheeler so interesting."
2005-10-11..12 Session Lead, Tools Open Web Application Security Project (OWASP) Application Security (AppSec) 2005 conference, NIST, Maryland
2005-06-03 "Why Free-libre / Open Source Software? Look at the Numbers!" "6th International Free Software Forum" / Fórum Internacional Software Livre (FISL) Porto Alegre, Brazil. My travelogue of FISL 2005 in Porto Alegre, Brazil got a lot of press, including a prominent citation in Groklaw. (The paper "Why OSS/FS? Look at the Numbers!" is also available.)
2004-10-27 "Security and Open Source Software". "Open Source Enterprise Solutions Conference" of the Tech Council of Maryland, Rockville, Maryland. My blog entry on this Tech Council of Maryland talk has more information. Interestingly, a large number of FLOSS security projects (both commercial and non-commercial) are based in Maryland.
2004-04-07 (Interview) "How useful are 'proprietary vs. open source' TCO studies?" by Robin 'Roblimo' Miller NewsForge
2004-03-16 "Open source software and security" Open Source in Government Conference 2004 (sponsored by the U.S. General Services Administration (GSA) and The Center of Open Source & Government of George Washington University), Washington, DC. My blog entry has more info.
2004-03-11 "Evaluating OSS/FS Programs." At the conference "You Paid What? A Workshop On Full Cost Accounting Methodology For Information Technology Projects In The Public Sector", Ottawa, Canada.
2004-02-03 "What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?" Web-enabled Government conference, Ronald Reagan building, Washington, DC (a repeat of the very successful LinuxWorld January 2004 panel).
2004-01-22 "What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?" LinuxWorld, New York City's Javits center. Blog entry.
2003-12-11 Security, Open Source, and Ada (Keynote speaker) SIGAda 2003, San Diego, CA.
2003-02-20, 19:00 Secure Programming for Linux and Unix HOWTO University of Baltimore, Baltimore, MD.
2002-08 "Under the Brim Interview with David A. Wheeler" by Jeremy Hogan "Under the Brim" (Red Hat's electronic magazine)
2002-02-16 Secure Programming for Linux and Unix HOWTO Free and Open Source Software Developers' European Meeting (FOSDEM 2002) conference, Brussels, Belgium. See my FOSDEM 2002 Travelogue.
2001-12-25 "David A. Wheeler's interview" FOSDEM 2002 interviews (these were interviews of people who were scheduled to speak at FOSDEM 2002)
2000-02-28 Linux Security Interview with David A. Wheeler by Brittany Day Linuxsecurity.com

Locations are in the United States of America (USA) unless otherwise noted.

I've given other public presentations besides these, but haven't gotten around to listing them.


Feel free to see my home page at https://dwheeler.com.