I'm currently chief scientist at Fortify Software where I work on solving software security problems. If you'd like to know more about what I'm up to, take a look at Secure Programming with Static Analysis. (I've created an errata page for the book here.)
Back in grad school, I spent my time investigating the application of extended static checking to the problem of finding security defects. I've written up some notes on Eau Claire, my extended static checker for C.
In a former life I worked on integrated circuit design and manufacturing problems. I was a graduate student in the SCTest group. I worked on fault simulation, ATPG, and diagnosis in the Nemesis system.
