Picture of David A. Wheeler David A. Wheeler
My professional interests are in improving software development practices for higher-risk software systems (i.e., ones which must be secure, large, and/or safety-critical). My specialties include writing secure programs, vulnerability assessment, open standards, open source software / free software (OSS/FS), Internet/web standards and technologies, and POSIX.
  • PhD in Information Technology, George Mason University (GMU), 2009 (granted 2010)
  • Certificate for Information System Security, GMU, 2000.
  • Design and Analysis of Distributed Protocols, Summer Session, Massachusetts Institute of Technology (MIT), 1994
  • MS in Computer Science, GMU, 1993
  • Certificate for Software Systems Engineering, GMU, 1993
  • Software Capability Evaluation (SCE) Training, Software Engineering Institute (SEI), 1993
  • BS in Electronics Engineering, GMU, 1987 (granted 1988); graduation with distinction

Published books

Public/Published articles
Most of my written work is not publicly available. However, if I can make it publicly available, I try to host it on my website, or at least include a reference to it from my website. Here are some of my publicly-available works, some professional, and some fun:

The insatiably curious can see some interviews of me here: David A. Wheeler on the Current State of Application Security (Trusted Software Alliance); "A visit with the Doctor" on The Dave and Gunnar Show, 2014-05-20; "US government accelerating development and release of open source" with Mark Bohannon, Opensource.com, 2014-04-24; "5 Questions with David A. Wheeler" by Melanie Chernoff, Opensource.com, 2012-07-17; "Linux Security Interview with David A. Wheeler" (LinuxSecurity.com); "Under the Brim Interview with David A. Wheeler" ("Under the Brim" August 2002) (here's Red Hat's copy, though with a copy/paste error about "The Economist" and "The Nation" which I didn't say); "How useful are 'proprietary vs. open source' TCO studies?" by NewsForge (on proprietary vs. OSS/FS TCO studies); and "David A. Wheeler's interview" for FOSDEM 2002.

I've been mentioned way too many times in various news articles and such to even try to give a complete listing. "Still more vulnerabilities in bash? Shellshock becomes whack-a-mole" (Ars Technica) by Sean Gallagher (2014-09-26) is an article summarizing my statements about the shellshock vulnerability. I've been thanked by various folks for my suggestions, such as for my XML expertise while participating in the development of the Open Document standard, and by Eric S. Raymond for contributing "many perceptive criticisms and some case-study material, especially in the design" in his book The Art of Unix Programming. The article Getting FUD Up? Get The Facts by Matt McKenzie praises my article Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!, saying it's a "jaw-dropping essay" and is "the best compilation of [quantitative] data I've ever seen to support the use of open-source software." Steven J. Vaughan-Nichols' "HP Releases Multi-level Security Services for RHEL5" (01-NOV-2007) cites me as an expert on the relationship between open source software and security. Bruce Schneier's article "Countering 'Trusting Trust'" describes my security work that counters the "trusting trust" attack.

Presentations and teaching
See my page on presentations if you want to learn about my past or future public presentations. I teach part-time at George Mason University, where I'm an adjunct professor in their Department of Computer Science; if you need to email me in that capacity, use the GMU address dwheele4 (at) gmu (dot) edu instead.

Hobbies/Personal Info
My hobbies include chess, singing (bass), and reading (especially science fiction and fact). I also play the piano, guitar, tuba, and baritone horn, though never at the same time. I live in Northern Virginia, near Washington, DC. I'm a Christian; more information about Christianity is available.

Other Stuff
In the mid-1980s I was the maintainer of Scepter of Goth. This was the first commercial multiplayer Role-Playing Game (RPG) in the United States; it may have been the first in the world, depending on how you date the commercialization of Scepter and of Bartle's MUD / British Legends. This was before Internet access was widespread; Scepter was a franchise operation, with each franchise running in a local area (customers would dial into a local franchise). Scepter has influenced many later systems, including many of the multi-million-dollar Massively Multiplayer Online Role-Playing Game (MMORPGs) of today. I haven't been in that business for many years, but people still remember me for that.

Why the middle initial?
I always use my middle initial in anything written (including information on the web), because there are a number of other David Wheelers. For example, David John Wheeler (now deceased) was the creator of the Tiny Encryption Algorithm (TEA) (a somewhat popular encryption algorithm unencumbered by patents), and is credited with co-inventing the subroutine. David E. Wheeler is President of Kineticode, a content management and software development consulting company based in Portland, and is the lead developer for Bricolage (an OSS/FS content management system); you can contact him using the address "david" at justatheory dot com.


My typical bio, if you need it...
Dr. David A. Wheeler is an expert on developing secure software and on open source software. His works include Software Inspection: An Industry Best Practice, Ada 95: The Lovelace Tutorial, Secure Programming for Linux and Unix HOWTO, Fully Countering Trusting Trust through Diverse Double-Compiling (DDC), Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!, and How to Evaluate OSS/FS Programs.

Here's a longer OSS-specific biography:

Dr. David A. Wheeler works at the Institute for Defense Analyses (IDA); he is an expert on open source software (OSS) and on developing secure software. His works on OSS include "Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!", "How to Evaluate OSS/FS Programs", "Publicly Releasing Open Source Software Developed for the U.S. Government", and "Open Source Software is Commercial". He also helped develop the U.S. Department of Defense (DoD) policy on OSS. His works on developing secure software include "Secure Programming for Linux and Unix HOWTO" and "Fully Countering Trusting Trust through Diverse Double-Compiling (DDC)". Other works of his include "Software Inspection: An Industry Best Practice" and "Ada 95: The Lovelace Tutorial".

Dr. Wheeler has a PhD in Information Technology, a Master's in Computer Science, a certificate in Information Security, and a B.S. in Electronics Engineering, all from George Mason University (GMU). He lives in Northern Virginia.

Here's a higher-resolution picture of me; you are welcome to use it under the Creative Commons Attribution-ShareAlike 3.0 Unported License (CC-BY-SA), the same license Wikipedia uses.

Public/Published articles
Most of my written work is not publicly available. However, if I can make it publicly available, I try to host it on my personal website, or at least include a reference to it from my website.

See my contact information if you want to contact me. Or, see my personal home page.