Throughout his career, Eric Baize has been passionate about building security and privacy into systems and technology from design to deployment. He currently leads Dell EMC’s Product Security Office and serves as Chairman of SAFECode, an industry-led non-profit organization dedicated to advancing software and supply chain security best practices.

At Dell EMC, Eric leads the team that sets the standards and practices for all aspects of product security for the product portfolio: Vulnerability response, secure development, consistent security architecture, and code integrity.

Eric joined Dell through its combination with EMC where he built EMC’s highly successful product security program from the ground up and was a founding member of the leadership team that drove EMC’s acquisition of RSA Security in 2006. He later led RSA’s strategy for cloud and virtualization. Prior to joining EMC in 2002, Eric held various positions for Groupe Bull in Europe and in the US.

Eric has been a member of the SAFECode Board of Directors since the organization was founded in 2007 and also serves on the BSIMM Board of Advisors. He holds multiple U.S. patents, has authored international security standards, is a regular speaker at industry conferences and has been quoted in leading print and online news media. Eric holds a Masters of Engineering degree in Computer Science from Ecole Nationale Supérieure des Télécommunications de Bretagne, France and is a Certified Information Security Manager.

Follow Eric Baize on Twitter: @ericbaize

Impact of the GNU C Library getaddrinfo() Buffer Overflow Vulnerability (CVE-2015-7547) on EMC/RSA Products

On February 16, 2016, security researchers publicly disclosed a vulnerability in the Linux glibc library, which is commonly found in Linux-based operating systems. The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used (CVE-2015-7547). A remote attacker could create specially …

Eric Baize February 21st, 2016

Secure Design in the Limelight

The launch last week of the IEEE Center for Secure Design is an opportunity to remind the industry of the prominent role of secure design in building secure IT products. Security engineering requires three main technical activities: secure design, secure coding and security testing. Much emphasis has been put by …

Eric Baize September 2nd, 2014

EMC Product Security Sessions at the RSA Conference

This week in San Francisco, tens of thousands of security professionals are gathering for the RSA Conference. For the seventh year in a row, representatives from EMC’s Product Security Office have been selected by the conference program committee to speak in a session. If you are at the conference, …

Eric Baize February 25th, 2014

Building Trust through Product Security

Software powers everything – end-user devices, applications, networks, storage, data centers and clouds – and is therefore taking us into a software-defined world. Can we trust software that powers IT? We must, as we strive for resiliency against outages and advanced threats as well as to meet regulatory compliance.

Eric Baize December 6th, 2013

BSIMM-V: Software Security is Becoming Mainstream

This week’s release of the fifth version of the Build Security In Maturity Model (BSIMM-V) reinforces a trend that many of us in the small world of software assurance are witnessing: Developing secure software is no longer the privilege of a few. I have been closely involved with the BSIMM …

Eric Baize November 1st, 2013

Software Security Training for All

Fifteen years ago, a common representation of the hacker was a computer science college student hacking systems from his or her dorm room. Nowadays hackers operate on a different scale; they are more often affiliated to criminal organizations or to nation states than to colleges or universities. The only thing …

Eric Baize May 14th, 2013

Secure Product Deployment: A Team Sport

Year after year, studies such as the Verizon Data Breach Investigation Report show software vulnerabilities and misconfiguration among the main data breach causes. At EMC, we operate under the assumption that securing a product in a customer environment is a team sport between the product vendor and the customer deploying …

Eric Baize May 4th, 2013