Apple has reportedly made another high-profile cybersecurity hire, and his advanced degree says it all: Master of Science in Information Warfare and Systems Engineering from the Naval Postgraduate School.
The company has hired David Rice as its new director of global security, according to several online reports, and he is expected to start in March. Rice has held security posts with the U.S. Navy and National Security Agency, and he's currently executive director of The Monterey Group, a consultancy on a range of cybersecurity issues, such as data protection, risk management, security performance metrics and secure software development.
SECURITY THREATS: Top 10 Web hacking techniques of 2010
The Internet speculation is that Rice is being hired in order to beef up Apple's iOS device security, which initially was lacking for enterprise deployments. But that seems unlikely, at least by itself, given the steady security advances made by Apple with iOS, most recently in iOS 4.0.
Instead, Apple seems to be restructuring the way it approaches software development, creating a culture that's focused from the outset on designing secure software.
For example, Rice is the latest in a string of high-profile security hires for Apple, as noted by CNet.com. In 2009, Apple lured Ivan Krstic from his former post as head of security for the One Laptop Per Child project, to work on securing Mac OS X. In 20010, Apple snagged Window Snyder, formerly Mozilla's security chief, as senior product manager for security, and Jon Callas, former CTO of encryption software maker PGP (now part of Symantec).
Secure software is a topic for which Rice is best known to a larger public: his 2007 book, "Geekonomics: The Real Cost of Insecure Software," and his Geekonomics blog sound the theme that "The toxic effluence of software vulnerabilities leave networks saturated with spam, computers clogged with malware, and servers defoliated of sensitive private data." He argues for a more systemic approach, and a new developer mindset, to creating "resilient" software.
A year ago, Rice teamed with two co-authors to issue "The Rugged Manifesto," calling on software developers to learn and practice secure programming techniques to reduce the number of exploits directed at applications.
His co-authors are Josh Corman, an analyst with The 451 Group, and Jeff Williams, the chairman of OWASP, an organization focused on Web application security. The trio hopes to motivate developers to aspire to rugged ideals for software development and to learn how their code can be more secure. The original manifesto and other resources can be found at the group's Web site.
Rice graduated from the U.S. Naval Academy in 1994 and received a master's degree in Information Warfare and Systems Engineering from the Naval Postgraduate School. He previously worked as a Global Network Vulnerability analyst for the National Security Agency and as a Special Duty Cryptologic officer for the Navy.
John Cox covers wireless networking and mobile computing for "Network World."
Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed