After 23 years at the same company, much of which I was a senior executive and member of the Board of Directors, I am leaving Synopsys on January 4th. Here is the message I sent to staff on November 9th after deciding to leave in September.

Please note that my email address is now gem@garymcgraw.com (change in all places).  Learn more at http://garymcgraw.com.

hi everyone,

After 23 years of working for the same company in various forms, I will be departing Synopsys in January. Synopsys has turned out to be a good home for Cigital. I am pleased with the progress SIG has made since the acquisition two years ago and its direct impact on the growth of software security as a field. Business is booming, cranks are cranking, and the field is exploding. All of that notwithstanding, the time has come for me to move on.

Pardon me as I wax nostalgic for a few lines. Here are seven things that stand out in my mind when I think back over the last twenty or so years I spent with you guys. I had a blast:

  • Taking on Sun, Netscape, and Microsoft directly during the Java Security years (1996-1998)
  • Releasing of ITS4 (It’s the Software Stupid Security Scanner) in 2000 — the world’s first code scanner for security
  • Publishing “Building Secure Software” in 2001 (the first book in the world on software security)
  • Licensing the DARPA-sponsored Cigital technology behind Fortify to Kleiner Perkins in 2004
  • Launching Silver Bullet in 2005
  • Creating the BSIMM measurement tool with Sammy and Brian Chess in 2009
  • Selling Cigital to Synopsys in 2016

All of these things required a cast of hundreds of dedicated people. We built the field of software security together. Over the years I have had the distinct pleasure of watching as the ideas behind software security became a reality. Thanks for that.

What will I do next? I will remain a fiercely independent participant in the software security conversation. I will serve as a Technical Advisor and Board member to forward-thinking firms. I will continue to collect data, make measurements, and do science. And I will dust off my machine learning and AI chops and see what happens when those fields intersect software security.

I am not disappearing from the planet, so keep in touch. My website http://garymcgraw.com will stay up to date. My preferred email is now gem@garymcgraw.com

gem