David A. Wheeler My professional interests are in improving software development practices for higher-risk software systems (i.e., ones which must be secure, large, and/or safety-critical). My specialties include writing secure programs, vulnerability assessment, open standards, open source software / free software (OSS/FS), Internet/web standards and technologies, and POSIX.

Published books

• Software Inspection: An Industry Best Practice by David A. Wheeler, Bill Brykczynski, and Reginald N. Meeson, Jr. (IEEE Computer Society Press)
• Ada 95: The Lovelace Tutorial by David A. Wheeler (Springer-Verlag)
• Secure Programming for Linux and Unix HOWTO by David A. Wheeler (self-published)

Public/Published articles
Most of my written work is not publicly available. However, if I can make it publicly available, I try to host it on my website, or at least include a reference to it from my website. Here are some of my publicly-available works, some professional, and some fun:

• Security
  • Secure Programming for Linux and Unix HOWTO (information on creating secure software)
  • My developerWorks column "Secure Programmer"
  • "Countering Trusting Trust through Diverse Double-Compiling (DDC)", Proceedings of the Twenty-First Annual Computer Security Applications Conference (ACSAC). This is an academic paper on how to counter the "Trusting Trust" attack, the attack everyone assumed was essentially uncounterable.
  • Fully Countering Trusting Trust through Diverse Double-Compiling (DDC), my PhD dissertation on the same topic
  • Securing Microsoft Windows (for Home and Small Business Users)
  • Software Configuration Management (SCM) Security
  • "Techniques for Cyber Attack Attribution" by David A. Wheeler (Oct 2003); this summarizes various techniques to perform attribution (aka traceback or source tracking) on networks, esp. TCP/IP networks.
  • Co-author of Engineering for System Assurance (NDIA)
• Open Source Software/Free Software (OSS/FS)
  • Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!
  • How to Evaluate OSS/FS Programs
  • Make Your Open Source Software GPL-Compatible. Or Else
  • Comments on Open Source Software / Free Software (OSS/FS) Software Configuration Management (SCM) systems
  • More than a Gigabuck: Estimating GNU/Linux’s size
  • Linux Program Library HOWTO
  • Linux man pages for uri(7) and the rewrite of man(7) and mdoc(7).
• Mathematical Recreations
  • The Definitive Four Fours Answer Key
  • Way Off Base (discussing weird bases)
  • When Adding and Multiplying are the Same
• Other
  • The Most Important Software Innovations
  • A Garden of Chess Openings
  • Fischer Random Chess (Chess960)

Interviews
The insatiably curious can see some interviews of me here: "5 Questions with David A. Wheeler" by Melanie Chernoff, Opensource.com, 2012-07-17. "Linux Security Interview with David A. Wheeler" (LinuxSecurity.com), "Under the Brim Interview with David A. Wheeler" ("Under the Brim" August 2002) (here's Red Hat's copy, though with a copy/paste error about "The Economist" and "The Nation" which I didn't say), "How useful are 'proprietary vs. open source' TCO studies?" by NewsForge (on proprietary vs. OSS/FS TCO studies), and "David A. Wheeler's interview" for FOSDEM 2002.

Mentions
I've been mentioned way too many times in various news articles and such to even try to give a complete listing. I've been thanked by various folks for my suggestions, such as for my XML expertise while participating in the development of the Open Document standard, and by Eric S. Raymond for contributing "many perceptive criticisms and some case-study material, especially in the design" in his book The Art of Unix Programming. The article Getting FUD Up? Get The Facts by Matt McKenzie praises my article Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!, saying it's a "jaw-dropping essay" and is "the best compilation of [quantitative] data I've ever seen to support the use of open-source software." Steven J. Vaughan-Nichols' "HP Releases Multi-level Security Services for RHEL5" (01-NOV-2007) cites me as an expert on the relationship between open source software and security. Bruce Schneier's article "Countering 'Trusting Trust'" describes my security work that counters the "trusting trust" attack.

Presentations and teaching
See my page on presentations if you want to learn about my past or future public presentations. I teach part-time at George Mason University, where I'm an adjunct professor in their Department of Computer Science; if you need to email me in that capacity, use the GMU address dwheele4 (at) gmu (dot) edu instead.

Hobbies/Personal Info
My hobbies include chess, singing (bass), and reading (especially science fiction and fact). I also play the piano, guitar, tuba, and baritone horn, though never at the same time. I live in Northern Virginia, near Washington, DC. I'm a Christian; more information about Christianity is available.

Other Stuff
In the mid-1980s I was the maintainer of Scepter of Goth. This was the first commercial multiplayer Role-Playing Game (RPG) in the United States; it may have been the first in the world, depending on how you date the commercialization of Scepter and of Bartle's MUD / British Legends. This was before Internet access was widespread; Scepter was a franchise operation, with each franchise running in a local area (customers would dial into a local franchise). Scepter has influenced many later systems, including many of the multi-million-dollar Massively Multiplayer Online Role-Playing Game (MMORPGs) of today. I haven't been in that business for many years, but people still remember me for that.

Why the middle initial?
I always use my middle initial in anything written (including information on the web), because there are a number of other David Wheelers. For example, David John Wheeler (now deceased) was the creator of the Tiny Encryption Algorithm (TEA) (a somewhat popular encryption algorithm unencumbered by patents), and is credited with co-inventing the subroutine. David E. Wheeler is President of Kineticode, a content management and software development consulting company based in Portland, and is the lead developer for Bricolage (an OSS/FS content management system); you can contact him using the address "david" at justatheory dot com.

Biographies

My typical bio, if you need it...
Dr. David A. Wheeler is an expert on developing secure software and on open source software. His works include Software Inspection: An Industry Best Practice, Ada 95: The Lovelace Tutorial, Secure Programming for Linux and Unix HOWTO, Fully Countering Trusting Trust through Diverse Double-Compiling (DDC), Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!, and How to Evaluate OSS/FS Programs.

Here's a longer OSS-specific biography:

Dr. David A. Wheeler works at the Institute for Defense Analyses (IDA); he is an expert on open source software (OSS) and on developing secure software. His works on OSS include Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!, How to Evaluate OSS/FS Programs, Publicly Releasing Open Source Software Developed for the U.S. Government, and Open Source Software is Commercial. His works on developing secure software include Secure Programming for Linux and Unix HOWTO and Fully Countering Trusting Trust through Diverse Double-Compiling (DDC). Other works of his include Software Inspection: An Industry Best Practice and Ada 95: The Lovelace Tutorial.

Dr. Wheeler has a PhD in Information Technology, a Master's in Computer Science, a certificate in Information Security, and a B.S. in Electronics Engineering, all from George Mason University (GMU). He lives in Northern Virginia.

Here's a higher-resolution picture of me.

Public/Published articles
Most of my written work is not publicly available. However, if I can make it publicly available, I try to host it on my personal website, or at least include a reference to it from my website.

See my contact information if you want to contact me. Or, see my personal home page.