I'm currently working on business software in the cloud at NetSuite.
From 2003 to 2012 I was chief scientist at
Fortify Software where I worked
on solving software security problems. Fortify was acquired by Hewlett
Packard in September 2010. Back in 2008 I wrote a book on software
security: Secure Programming with Static Analysis. (I've created an errata page for the book here.)
Back in grad school, I spent my time
investigating the application of extended static
checking to the problem of finding security defects.
I've written up some notes on
Eau Claire, my extended static checker for C.
In a former life I worked on integrated circuit design and manufacturing
problems. I was a graduate student in the
SCTest group.
I worked on fault simulation, ATPG, and diagnosis in the
Nemesis system.