Official website of the Department of Homeland Security

Note: This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.


Michael Gegick

Michael Gegick received a master's degree in software security from North Carolina State University in 2004. The focus of his research was identifying software vulnerabilities by inspecting the design of software systems.

Michael also earned a doctoral degree in software security from North Carolina State University in 2009. He created and evaluated statistical models that predict the location of vulnerabilities in software systems. The predictive models are available early in the software life cycle and can afford software engineers the opportunity to build security into the software. He is also interested in analyzing system designs to determine whether they adhere to Saltzer and Schroeder's security design principles. Michael's professional activities include participating on program committees and reviewing security literature. Michael has been either a reviewer or co-reviewer for the International Conference on Software Engineering, International Conference on Software Testing, International Conference on Software Reliability Engineering, and MetriSec. Michael also reviewed the following three security books: Software Security: Building Security In (McGraw, 2006), The Art of Software Security Testing: Identifying Software Flaws (Wysopal, Nelson, Dai Zovi, and Dustin, 2006), and Exploiting Online Games: Cheating Massively Distributed Systems (Hoglund/McGraw, 2007). He also has experience in writing proposals for National Science Foundation grants.


Name | Content Areas
Complete Mediation | Knowledge/SDLC Process
Defense in Depth | Knowledge/SDLC Process
Design Principles | Knowledge/SDLC Process
Economy of Mechanism | Knowledge/SDLC Process
Failing Securely | Knowledge/SDLC Process
Least Common Mechanism | Knowledge/SDLC Process
Least Privilege | Knowledge/SDLC Process
Never Assuming That Your Secrets Are Safe | Knowledge/SDLC Process
Predictive Models for Identifying Software Components Prone to Failure During Security Attacks | Best Practices/Measurement
Promoting Privacy | Knowledge/SDLC Process
Psychological Acceptability | Knowledge/SDLC Process
Reluctance to Trust | Knowledge/SDLC Process
Securing the Weakest Link | Knowledge/SDLC Process
Separation of Privilege | Knowledge/SDLC Process