Computer fix
Gary McGraw’s work helps protect the software that makes the world go ’round.
Posted 2/16/07

Gary McGraw was a philosophy major. Now he’s a computer security guru who likes to break down barriers between academic disciplines.
Photo by Tom Cogill.
At first glance Gary McGraw (Philosophy ’88) is a study in opposites. He is a world-renowned software security expert who once walked the University Grounds in bare feet, philosophy books at hand. He deals daily with the technology networks that make global finances tick yet eschews crowds and chain restaurants for a rural lifestyle with his wife, Amy, and two sons in a house with a Blue Ridge view. He operates in the corporate world by day but recently returned to his academic roots as a member of the team that brought a computer science major to the College curriculum.
In McGraw’s case, characteristics that seem to be at odds are actually winning combinations. He lives his life by a model that breaks boundaries and brings alternate worlds into harmonious and symbiotic orbit.
The cross-pollination of interests and ideas that has led McGraw to so many interesting places began at the University. As a friendly and open-minded undergrad, McGraw stumbled upon Paul Humphreys’ “Computer, Minds, and Brains,” a course that covered artificial intelligence theory — a field of study that combined his interests in philosophy and abstract thought with his blossoming knack for computer programming languages and technological innovation.
After his stint at U.Va., McGraw continued on to Indiana University, where he earned a doctoral degree in computer science and cognitive science under Pulitzer Prize-winning scientist Douglas R. Hofstadter. It was at Indiana that McGraw began to understand his calling: part software security revolutionary, part technology philosopher and one very large part problem solver.
McGraw recalls the moment in the mid-’90s when fate and binary code combined to give him a very big break — one that fittingly began with something that was broken. “These very good engineers, very famous men, were creating things … creating Java,” McGraw said. Java was created so that information could be used and moved in new ways, he adds, but it lacked the built-in security capabilities that would keep software systems and valuable data safe.
McGraw joined a team of computer scientists that included Ed Felten of Princeton University and set about finding a solution. Their first task was to prove that there was a security problem to fix in the first place. So they assumed the role of black hats (a term that denotes the “bad guys” in computer security — hackers and other digital troublemakers) and broke Java — again and again.
“We kept on breaking it … we were in The Wall Street Journal and USA Today … we were on the front page.” McGraw and the others demonstrated that the programs and software functions that Java made possible could be used for evil as well as good.
They made it known that you have to be able to think like the bad guys in order to stop them. Software security — a field that McGraw helped to found, grow and shape — was born. Years and several successful software security books later, including “Software Security: Building Security In,” released in early 2006, McGraw is at the top of his game. In his work as chief technology officer at Cigital, Inc., he counsels business power players on building and running safer applications and helps keep the technological wheels that drive our world — including banks, cell phones, even cars — spinning smoothly.
David Evans, an associate professor of computer science at the University, has known McGraw for several years. Evans, who led the effort to bring computer science to the College, believes that McGraw is a model for the students who will soon graduate with a computer science degree from the College. “There’s a need for lots of different kinds of computer scientists,” Evans says. McGraw’s ability to communicate and write well on complex topics, as well as his ability to see software in a context, to think about “where the humans are involved,” Evans adds, make McGraw a notably successful computer scientist.
McGraw has a simple way of summing up his multidimensional approach to computer science and to life. He says that while some can see only barriers between arts and sciences, between engineering and philosophy, and between business and academia, “I’m a guy who tries to bring those things together as much as possible.”

