Presentations by David A. Wheeler

Below are some of the presentations that I plan to give or have given, in reverse chronological order. Dates are in ISO date format (YYYY-MM-DD).

Generally I talk about security / software assurance, free-libre / open source software (FLOSS or OSS/FS), open standards, software innovations, various specialized areas of computer technology, or some combination. I post many of my presentations on my website. I'm available for a few speaking engagements each year; I limit the number of trips away from the Washington, DC area, but I do travel if it's important/interesting. Contact me if you'd like me to speak at your event.

Date/TimeTopicOrganization/Sponsor, Location, Notes
2019-03-12..14 CII Best Practices Badge Project in 2019 Open Source Leadership Summit (a Linux Foundation event), Ritz Carlton Half Moon Bay, Half Moon Bay, California
2018-11-05..06 Approaches to Cyber-Resilience through Language System Design (working title) High Integrity Language Technology (HILT) International Workshop on Cyber-Security Interaction with High Integrity, Boston, Massachusetts. Organized by the Association for Computing Machinery (ACM) SigAda special interest group.
2018-06-27 If it works, it's legacy: analysis of legacy code Sound Static Analysis for Security, NIST, Gaithersburg, MD
2018-05-23 Open Source Software & the US Department of Defense Platform Security Summit, May 23-24, 2018, Fairfax, VA
2018-05-01 Secure Software Education & Training: Some thoughts Software and Supply Chain Assurance (SSCA) Forum, Co-sponsored by the U.S. Department of Homeland Security (DHS), Department of Defense (DoD), National Institute of Standards and Technology (NIST), and the General Services Administration (GSA). May 1-2, 2018, MITRE, McLean, VA
2018-03-15 Software Assurance & Software Data Rights: Starting a Discussion Software Assurance (SwA) Community of Practice (COP), MITRE, McLean, VA
2018-01-31 Current and future DoD policies on open source software DoD Software Development and Release conference, US Army Engineer Research and Development Center, Mississippi
2017-09-14 CII Badge Project: 1.5 years later Linux Security Summit 2017, Los Angeles, California
2017-06-14 The State of Open Source Software (OSS) in the US Federal Government 2017 Open Source Summit: Succeeding with the New Federal Open Source Policy, Open Source Electronic Health Record Alliance (OSEHRA)
2016-10-20 Open Source Software Practices & Principles for Cybersecurity Technology Transition Open Source Automotive Cybersecurity Research Tools Forum, Cambridge, MA
2016-10-04 Linux Foundation Core Infrastructure Initiative (CII) Best Practices Badge Software and Supply Chain Assurance (SSCA) Forum, Co-sponsored by the U.S. Department of Homeland Security (DHS), Department of Defense (DoD), National Institute of Standards and Technology (NIST), and the General Services Administration (GSA). October 3-5, 2016
2016-09-21 Linux Foundation Core Infrastructure Initiative (CII) Best Practices Badge (keynote) OW2 Conference 2016, Paris, France
2016-03-31 Census and Badging Linux Foundation Collaboration Summit, Resort at Squaw Creek, Lake Tahoe, CA
2015-10-23 Open Source Software OpenHatch at Mason, George Mason University (GMU), Fairfax, VA. (Organized with the Mason Student-Run Computing and GMU GNU/Linux User Group). OpenHatch itself is a "non-profit dedicated to matching prospective free software contributors with communities, tools, and education".
2015-06-30 Software SOAR Information Assurance Symposium (IAS), Washington Convention Center, Washington DC
2015-06-23 Preventing Heartbleed and other topics Linux Foundation (LF) Core Infrastructure Initiative (CII)
2015-04-22, 08:00 Countering Development Environment Attacks RSA Conference (USA 2015), San Francisco, CA (along with Dan Reddy)
2015-02-19 Software SOAR Boeing BMA
2014-06-24 Preventing Heartbleed. Content Understanding Forum: Industry's Promising Practices Institute for Defense Analyses (IDA). Note: Jeff Hawkins (founder of Numenta) also presented; there have been some amazing advances in our understanding of the brain.
2014-02-25, 18:30-21:00 Open Source Software and Government American Society for Quality, Washington, DC and Maryland Metro section 509, Software SIG meeting, MITRE-1, 7525 Colshire Dr, McLean, VA 22102
2013-12-18 Software (security) state-of-the-art resource (SOAR) Software and Supply Chain Assurance (SSCA) Work Group, MITRE-1, 7525 Colshire Dr, McLean, VA 22102
2013-12-03 Software (security) state-of-the-art resource (SOAR) SINET 2013 at National Press Club, Washington, DC
2013-11-07 Cyber Attack Attribution Techniques National Defense Industrial Association (NDIA), Cyber division meeting
2013-11-06 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU), Ft. Belvoir, VA.
2013-09-19 Homeland Open Security Technology (HOST). Software and Supply Chain Assurance forum (SSCA), Mclean, VA; hosted by DoD and DHS. I was standing in for Daniel Massey, the HOST Program Manager.
2013-09-17 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU) PAX River, California, MD, 20619
2013-09-16 Open source software panel Department of Homeland Security (DHS) S+T PI Meeting
2013-09-10 Open Source and Security Government Innovators Virtual Summit, GovLoop
2013-09-06 Open source software and security [Electrical] Grid Open Source Software Alliance (GOSSA), National Rural Electric Cooperative Association, Arlington, VA
2013-09-04, 1330-1415 Open source software and intellectual property (IP) management Open Source Electronic Health Record (EHR) Summit & Workshop, Bethesda, Maryland; sponsored by the Open Source Electronic Health Record Agent (OSEHRA)
2013-08-14 Keynote presentation: How to Open Source in Government Drupal4Gov 2013, Washington, DC
2013-05-22 Running Open Source Software projects Open Source Software for the Smart Grid Workshop, Houston, TX
2013-05-09, 0900-1200 (EDT) Open source software “Open Source License Clinic” Hosted by the non-profit Open Source Initiative (OSI). Library of Congress, 101 Independence Ave SE, Madison Building, 6th Floor, Dining Room A, Washington, DC 20540.
2013-03-04 "Open Source Software, Government, and Cyber Security" (presentation) Association for Computing Machinery (ACM), Washington, DC Chapter. 1203 19th St, 3rd Floor, Washington, DC.
2013-01-14 Open Source Software in Government Challenges and Opportunities (and) OpenSSL 2012 FIPS 140-2 Validation #1747 Case Study DHS Industry Day 2013, Maritime Institute Conference Center, Linthicum, Maryland
2012-10-23 Innovation panel (with Christopher Dale, Matt Micene, and Michael Tiemann) [picture] [picture] [article] Red Hat Government Symposium, Washington, DC
2012-10-18 Security and Open Source Software Open Cybersecurity Summit, Schafer Conference Center, Washington, DC
2012-10-17 Open Source Software and the U.S. Department of Defense Open Source Electronic Health Record Agent (OSEHRA), Gaylord Convention Center, National Harbor, Maryland
2012-10-15..16 Navigating Laws & Regulations on OSS; OSS in Government: Challenges & Opportunities Military Open Source Software (MIL-OSS) Working Group 4 (WG4), Arlington, Virginia
2012-09-20 Homeland Open Security Technologies (HOST): Leveraging Open Source Software in Support of National Cyber Security Objectives Software Assurance (SwA) forum (sponsored by the Department of Defense (DoD) and Department of Homeland Security (DHS)), McLean, VA
2012-08-29 Countering Vulnerable/Obsolete Software Libraries Diminishing Manufacturing Sources and Material Shortages (DMSMS) & Standardization 2012, New Orleans, LA (Cancelled due to hurricane)
2012-07-31 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU), Ft. Belvoir, VA.
2012-06-21 Releasing software or software changes developed with federal government funding - deciphering contracts/laws so you can build your community Open Source Summit 2012 (hosted by NASA, the Veteran Affairs Innovation Initiative (VAi2), and the State Department), University of Maryland, College Park, MD.
2012-06-19 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU), Ft. Belvoir, VA.
2012-06-07 Lessons Learned: Roadblocks and Opportunities for Open Source Software (OSS) in U.S. Government (GovLoop) GovLoop (Webinar) [FierceGovernment coverage]
2012-05-30 OSS Licensing; Challenges and Opportunities OSSI Industry Day, JHU APL, 11100 John Hopkins Road, Laurel, MD (starts 7:30am)
2012-05-16 Receipt of the "Outstanding Adjunct Faculty Award" for my work teaching the graduate course "Secure Software Design and Programming" (SWE 781/ISA 681). George Mason University (GMU) Department of Computer Science, Celebration & Awards Dinner, Fairfax, VA.
2012-04-19 Open Source Software: U.S. Government and Security Rensselaer Polytechnic Institute (RPI), Troy, NY
2012-04-12 The State of Open Source in the Federal IT Landscape FOSS4G North America 2012, Washington, DC
2011-11-09..11 Keynote ApacheCon North America 2011, Vancouver, British Columbia, Canada
2011-09-22 Security and Open Source Software Open Source Software and the Military Health System, Virginia Tech Research Center, Arlington, VA
2011-08-30.. 2011-09-01 Open Source Software Military Open Source Software (MIL-OSS) WG3, Atlanta, GA
2011-08-23 Open Source Software (OSS) and Total Cost of Ownership (TCO) Government Open Source Conference (GOSCON) 2011, part of Innovation Nation 2011, Washington Convention Center, Washington, DC. My talk on financial issues followed Dr. Alan Greenspan — talk about pressure! The tagline was "Shake IT up"; an earthquake halted the conference early, so I guess they really meant it.
2011-04-06 Open Source Software and the DoD FLOSS Weekly #160, an interview of me by Randal Schwartz and Simon Phipps
2011-03-29 Open Source Software: What is possible? NASA Open Source Summit 2011, Ames Research Center, Mountain View, CA. O'Reilly Radar posted a summary.
2011-03-23 Open Source Software (Look at the Numbers!) Palmetto Open Source Software Conference (POSSCON) 2011, Columbia, SC
2010-08-02..05 Open Source Software and Security MIL-OSS 2010, Washington, DC
2010-06-26 Open Source Software CENDI, the Law Library of Congress, and the Federal Library and Information Center Committee Open Source Software and Copyright: Legal and Business Considerations for Government Use, Library of Congress, Madison Building, Washington, DC
2010-06-15 Expert Witness on "Planning for the Future of Cyber Attack Attribution" U.S. House of Representatives, Committee on Science & Technology, Subcommittee on Technology & Innovation [transcript] [report] [picture]
2010-04-24..26 Open Source Software and Security (includes some info on Open Proofs) [ODP] [PDF] Free/Open Source Software Technologies (FOSST), King Abdulaziz City for Science and Technology (KACST), Riyadh, Saudi Arabia
2009-11-23 Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) Innovation Hall room 105, George Mason University (GMU), Fairfax, VA
2009-11-05 Open Source Software. GOSCON, Ronald Reagan Building and International Trade Center, Washington, DC.
2009-08-12..13 Open Source Software panel discussion, open proofs Mil-OSS, Atlanta, GA.
2009-06-18 Open Source Software panel discussion NRO CTO conference (panel discussion along with Dan Risacher (DoD), Michael Tiemann (Red Hat), and John Scott)
2008-09-24 Software Assurance and Open Source Software FASTER group, National Coordination Office (NCO) for Networking and Information Technology Research and Development (NITRD). NCO/NITRD is the primary mechanism by which the U.S. Government coordinates its unclassified networking and information technology (IT) research and development (R&D) investments.
2008-08-08 Open Proofs Defense BarCamp
2008-06-12 Securing Open Source Software [ODP] OWASP (Northern Virginia), Herndon, VA
2008-05-07 Securing Open Source Software 8th Semi-Annual Software Assurance Forum, May 6-8, 2008, Sheraton Premiere, Tyson's Corner in Vienna, Virginia.
2008-02-11 Open Source Software and the DoD Data & Analysis Center for Software (DACS) series. "Open source software (OSS) has become widespread, but there are many misconceptions about it - resulting in numerous missed opportunities. This presentation will clarify what OSS is (and isn't), rebut common misunderstandings about OSS, discuss the relationship of OSS and security, discuss how to find and evaluate OSS, and explain OSS licensing (including how to combine products and select a license). It will show why nearly all extant OSS is COTS software, and thus why it's illegal (as well as foolish) to ignore OSS options."
2007-12-11..12 (1) OSS Licensing and (2) Security and Open Systems / Open Source 3rd DoD Open Conference: Deployment of Open Technologies and Architectures within Military Systems
2007-07-23 What's Ahead for OSS and DoD The Open Group, Real-time and Embedded Systems Forum, Austin, TX
2007-03-14 Open Source Software (OSS) [for government acquisitions] [PDF] [ODF] [PPT] [OGG] [MP3] [FLAC] [As text] Open Source - Open Standards - Open Architecture: DoD Open Technology Development and Open Source Geospatial Software by the non-profit Association for Enterprise Integration (AFEI), a member of the National Defense Industrial Association (NDIA) family of associations. Held at the Hyatt Hotel Crystal City, Arlington, VA. I was the only person on the panel who wasn't directly employed by the U.S. government. My presentation appears to have inspired a Navy policy memo on OSS.
2006-12-12 FLOSS and Software Assurance / Security Towards a Transparent Acquisition Marketplace for Increased Mission Agility with Open Technology Development, sponsored by the U.S. GSA. Held at the National Science Foundation (NSF) in Rosslyn, VA. An organizer said, "Thank you for your superb presentation and contribution."
2006-07-12 "Open Standards and Security (and OpenDocument too)" Columbia LUG. HP building, 8890 McGaw Rd Ste 100, Columbia, MD.
2006-07-08 Free-Libre/Open Source Software (FLOSS) and Security NovaLUG. Washington Technology Park/CSC (formerly Dyncorp), 15000 Conference Center Drive, Chantilly, VA.
2006-05-17, 19:00 "FLOSS and security." DCLUG. 2025 M Street NW, Washington DC.
2006-04-26, 14:00 Open source software and security (plenary speaker) The Open Group's "Architecting to the Edge" conference. Hilton Crystal City, Crystal City, Arlington, VA. Allen Brown (CEO and President) wrote, "The Washington meeting was one of our best-attended conferences ever... We couldn't have have made it one of our most successful events without your participation, contribution and confidence".
2006-04-04 Open Standards and Security [ODF] [OGG] [MP3] [FLAC] LinuxWorld 2006's "Government Day" focusing on open standards, Boston, MA. See my commentary. NewsForge reported on my talk, saying: "Of all the speakers I heard, two really made me sit up and pay attention... [one was David Wheeler, who] spoke in parables to illustrate just what open standards are and why they are important for IT infrastructure security... Through this talk I began to see how base standards in hardware and software could allow vendor innovation while preventing vendor lock-in."
2006-03-02 Countering Trusting Trust through Diverse Double-Compiling George Mason University (GMU), Fairfax, VA. (An interactive lecture about my ACSAC paper.)
2005-12-05 Countering Trusting Trust through Diverse Double-Compiling Annual Computer Security Applications Conference (ACSAC 2005), Tucson, Arizona. I describe and discuss a new approach to counters the "uncounterable" Trusting Trust attack, including an experiment that shows it works. Lots of people noticed this paper; Bruce Schneier even has a lengthy article about my paper, saying, "This [Trusting Trust] attack has long been part of the lore of computer security, and everyone knows that there's no defense. And that makes this paper by David A. Wheeler so interesting."
2005-10-11..12 Session Lead, Tools Open Web Application Security Project (OWASP) Application Security (AppSec) 2005 conference, NIST, Maryland
2005-06-03 "Why Free-libre / Open Source Software? Look at the Numbers!" "6th International Free Software Forum" / Fórum Internacional Software Livre (FISL) Porto Alegre, Brazil. My travelogue of FISL 2005 in Porto Alegre, Brazil got a lot of press, including a prominent citation in Groklaw. (The paper "Why OSS/FS? Look at the Numbers!" is also available.)
2004-10-27 "Security and Open Source Software". "Open Source Enterprise Solutions Conference" of the Tech Council of Maryland, Rockville, Maryland. My blog entry on this Tech Council of Maryland talk has more information. Interestingly, a large number of FLOSS security projects (both commercial and non-commercial) are based on Maryland.
2004-03-16 "Open source software and security" Open Source in Government Conference 2004 (sponsored by the U.S. General Services Administration (GSA) and The Center of Open Source & Government of George Washington University), Washington, DC. My blog entry has more info.
2004-03-11 "Evaluating OSS/FS Programs." At the conference "You Paid What? A Workshop On Full Cost Accounting Methodology For Information Technology Projects In The Public Sector", Ottawa, Canada.
2004-02-03 "What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?" Web-enabled Government conference, Ronald Reagan building, Washington, DC (a repeat of the very successful LinuxWorld January 2004 panel).
2004-01-22 "What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?" LinuxWorld, New York City's Javits center. Blog entry.
2003-12-11 Security, Open Source, and Ada (Keynote speaker) SIGAda 2003, San Diego, CA.
2003-02-20, 19:00 Secure Programming for Linux and Unix HOWTO University of Baltimore, Baltimore, MD.
2002-02-16 Secure Programming for Linux and Unix HOWTO Free and Open Source Software Developers' European Meeting (FOSDEM 2002) conference, Brussels, Belgium. See my FOSDEM 2002 Travelogue.

Locations are in the United States of America (USA) unless otherwise noted.

I've given other public presentations besides these, but haven't gotten around to listing them.

Feel free to see my home page at