Biographies of Committee Members and Staff
Daniel Jackson (Chair) is a professor of computer science at the Massachusetts Institute of Technology (MIT). He received an M.A. from Oxford University (1984) in physics and an S.M. (1988) and Ph.D. (1992) from MIT in computer science. He was a software engineer for Logica UK Ltd. (1984-1986) and an assistant professor of computer science at Carnegie Mellon University (1992-1997). He has broad interests in many areas of software engineering, especially in specification and design, critical systems, formal methods, static analysis, and model checking. Dr. Jackson is the author of Software Abstractions: Logic, Language, and Analysis (MIT Press, 2006).
Joshua Bloch is a principal software engineer at Google. Previously he was a distinguished engineer at Sun Microsystems, where he was an architect in the Core Java Platform Group. He wrote the bestselling book Effective Java, winner of the 2002 Jolt Award. He led the design and implementation of many parts of the Java platform, including the collections framework, Tiger language enhancements (JSR-201), annotations (JSR-175), multiprecision arithmetic, preferences (JSR-10), and assertions (JSR-41). Previously he was a senior systems designer at Transarc Corporation, where he designed and implemented many parts of the Encina distributed transaction processing system. He holds a Ph.D. in computer science from Carnegie Mellon University and a B.S. in computer science from Columbia University.
Michael DeWalt is chief scientist, aviation systems, for Certification Services, Inc., a Seattle-area aviation consultancy. Mr. DeWalt is authorized by the FAA, as a consultant designated engineering representative (DER), to approve software for any aircraft system, at any software level. In addition to his DER duties, he helps clients who have unusual project requirements to develop acceptable software-approval techniques. For 11 years, he was the FAA’s national resource specialist for aircraft software. He was responsible for starting the international committee that created DO-178B and served as its secretary. He was also secretary of the committee that created DO-248B and DO-278. Mr. DeWalt has been involved with both civil and military software avionics and certification for 26 years, working for airframe manufacturers and avionics suppliers. In addition to his DER certificate, he has a B.S.E.E., a master’s in software engineering, and a commercial pilot’s license.
Reed Gardner is a professor and chair of the Department of Medical Informatics at the University of Utah. He has been a codirector of medical computing at LDS, Cottonwood, and Alta View Hospitals in Salt Lake City. He is one of the principal developers and evaluators of the medical expert system known as HELP (Health Evaluation through Logical Processing). Dr. Gardner’s primary academic and research interests are evaluating the benefits of medical expert systems as they relate to quality and cost-effectiveness; development of software oversight committee methods for evaluation of safety and effectiveness of medical software and systems; public health informatics; applying computers in intensive-care medicine; and developing devices and communications methods to acquire patient data at the bedside. He is the author or coauthor of more than 300 articles in the fields of medical informatics and engineering. Dr. Gardner has been a journal editor and on the editorial boards of Critical Care Medicine and other critical care journals as well as the Journal of the American Medical Informatics Association (JAMIA). He is a fellow of the American College of Medical Informatics and past president of the American Medical Informatics Association. Dr. Gardner holds a B.S.E.E. from the University of Utah (1960) in electrical engineering and a Ph.D. from the University of Utah (1968) in biophysics and bioengineering.
Peter Lee is a professor of computer science at Carnegie Mellon University. He joined the faculty of Carnegie Mellon’s School of Computer Science in 1987, after completing his doctoral studies at the University of Michigan. He is known internationally for his research contributions in areas related to information assurance, especially the application of programming language technology to operating systems design, networking, and computer security. Dr. Lee is best known for his co-invention of the
proof-carrying code technology for ensuring the security of mobile code. Today, proof-carrying code is the subject of several DARPA- and NSF-sponsored research projects and forms the basis for the products and services provided by Cedilla Systems Incorporated, a Java technology start-up company he cofounded in 1999. Dr. Lee is also the associate dean for undergraduate education in Carnegie Mellon’s School of Computer Science. In this capacity, he has been involved in the administration of Carnegie Mellon’s undergraduate programs in computer science. His tenure as associate dean has seen the undergraduate program rise to national prominence, both for its intensive problem-oriented curriculum and for its success in attracting and retaining women in the field of computer science. He has published extensively in major international symposia and is the author of two books. He has been invited to give distinguished lectures and keynote addresses at major universities and symposia and has been called on as an expert witness in key judicial court cases such as the Sun v. Microsoft “Java lawsuit.” Dr. Lee has also been a member of the Army Science Board since 1997, for which he has served on four major summer studies, and the co-chair of a technology panel for the 2001 Defense Science Board study on defense science and technology. In addition to holding M.S. and Ph.D. degrees in computer and communication sciences, Dr. Lee earned a B.S. in mathematics from the University of Michigan in 1982. He has been a principal investigator on several DARPA, NSF, and NASA grants and contracts.
Steven B. Lipner is senior director of security engineering strategy at Microsoft. He is responsible for defining Microsoft’s Security Development Lifecycle and the plans for its evolution and application to new product generations. His team also defines and executes programs to help Microsoft customers deploy and operate their systems securely. Mr. Lipner has been at Microsoft since 1999. He joined the company after working at Trusted Information Systems, the MITRE Corporation, and Digital Equipment Corporation, among others. He has more than 35 years’ experience in computer and network security as a researcher, development manager, and business unit manager. He holds 11 patents in computer and network security and served two terms as a member of the U.S. Information Security and Privacy Advisory Board. Mr. Lipner is coauthor with Michael Howard of The Security Development Lifecycle. He holds an M.S. (1966) in civil engineering from MIT and attended the Program for Management Development at the Harvard Graduate School of Business Administration.
Charles Perrow is a professor emeritus of sociology at Yale University. He was a vice president of the Eastern Sociological Society; a fellow of
the Center for Advanced Study in the Behavioral Sciences; fellow of the American Academy for the Advancement of Science; resident scholar at the Russell Sage Foundation; fellow, Shelly Cullom Davis Center for Historical Studies; visitor, Institute for Advanced Study; and a former member of the National Research Council’s Committee on Human Factors, the Sociology Panel of the National Science Foundation, and of the editorial boards of several journals. An organizational theorist, he is the author of six books—The Radical Attack on Business; Organizational Analysis: A Sociological View; Complex Organizations: A Critical Essay; Normal Accidents: Living with High Risk Technologies; The AIDS Disaster: The Failure of Organizations in New York and the Nation, with Mauro Guillen; Organizing America: Wealth, Power, and the Origins of American Capitalism—and over 50 articles. His current interests are in managing complexly interactive, tightly coupled systems (including hospitals, nuclear plants, power grids, the space program, and intelligent transportation systems); the challenge and limits of network-centric warfare; self-organizing properties of the Internet, the electric power grid, networks of small firms, and terrorist organizations; and the possibilities for restructuring society to reduce our increasing vulnerability to disasters, whether natural, industrial/technological, or deliberate. These interests grow out of his work on “normal accidents,” with its emphasis on organizational design and systems theory, and reflect current consultations and workshops with NASA, the FAA, Naval War College, DaimlerChrysler, NIH, and NSF.
Jon Pincus is the general manager of strategy development in Microsoft’s Online Services Group, where he leads a broad-based effort to develop, analyze, work for the adoption of, and execute game-changing strategies in the online services space. Key principles include a global focus, user-centricity, attention to perspectives other than the usual ones, virtuous-cycle ecosystems, and leveraging Microsoft’s assets. In his previous role in the Systems and Networking Group at Microsoft Research, he focused on security, privacy, and reliability of software and software-based systems. His major interests include applying perspectives and insights from the social sciences and humanities to the construction and application of these systems (which inevitably blends into cultural issues throughout the disciplines of software engineering and computer science, as well as at Microsoft and other organizations that produce software and systems); measurement of security and privacy; and the exploitation and mitigation of low-level programming defects such as buffer overruns. In his pre-Microsoft days, he was founder and chief technology officer at Intrinsa, which was acquired by Microsoft in 1999 along with PREfix and the rest of the company’s assets. He has also worked in design automation (place-
ment and routing for ICs and CAD frameworks) at GE Calma and EDA Systems.
John Rushby is program director for formal methods and dependable systems at SRI International. He worked at the Atlas Computer Laboratory (now part of the Computation and Information Department of the Central Laboratory of the U.K. Research Councils), as a lecturer in the Computer Science Department at Manchester University, and as a research associate in the Department of Computing Science at the University of Newcastle upon Tyne, before joining SRI in 1983. At SRI, he was successively promoted to computer scientist, senior computer scientist, program manager and, from 1986 to 1990, the acting director of CSL. In 1991 Dr. Rushby assumed his current role as program director. He is interested primarily in the design and assurance of critical systems, including properties such as security and safety, mechanisms such as kernelization and fault tolerance, and formal methods for assurance. He considers the main value of formal methods to lie in their use for constructing mathematical models whose properties can be analyzed and verified by computational means. This has led him to focus on the development of effective tools for formal methods. Dr. Rushby holds a Ph.D. in computer science from the University of Newcastle (1977).
Lui Sha holds a Ph.D. and an M.S. in electrical and computer engineering from Carnegie Mellon University and a B.S.E.E. from McGill University. He is Donald B. Gillies Chair professor of computer science at the University of Illinois at Urbana-Champaign. Before joining UIUC in 1998, he was a senior member of the technical staff at the Software Engineering Institute at Carnegie Mellon University, which he joined in 1986. He is a fellow of the ACM and a fellow of the IEEE for “technical leadership and research contributions which enabled the transformation of real-time computing practice from an ad hoc process to an engineering process based on analytic methods.” He was the chair of the IEEE Real-Time Systems Technical Committee from 1999 to 2000 and received that committee’s Outstanding Technical Contributions and Leadership Award in December 2001. Dr. Sha’s accomplishments are many. He led the development of Generalized Rate Monotonic theory, which has transformed hardware and software open standards in real-time computing; has been supported by nearly all the commercially available real-time operating systems, middleware, and modeling tools; and has been taught in real-time computing courses around the world. His work was cited in the selected accomplishment section of the 1992 National Academy of Science’s report Computing the Future: A Broader Agenda for Computer Science and Engineering. His expertise in dependable real-time computing systems has made him an indis-
pensable resource for many national high-technology projects, including critical assistance to the International Space Station, the Global Positioning System software upgrade, Mars Pathfinder, F-22 avionics stability improvement, and F35 mission system architecture.
Martyn Thomas graduated as a biochemist from University College, London, and immediately entered the computer industry. From 1969 to 1983, he worked in universities (in London and the Netherlands), in industry (designing switching software for STC), and at the South West Universities Regional Computer Centre in Bath. In 1983 (with David Bean), he founded a software engineering company, Praxis, to exploit modern software development methods. In December 1992, Praxis was sold to Deloitte and Touche, an international firm of accountants and management consultants, and Mr. Thomas became a Deloitte Consulting international partner while remaining chair and, later, managing director of Praxis. He left Deloitte Consulting in 1997. Mr. Thomas is now an independent consultant software engineer specializing in the assessment of large, real-time, safety-critical, software-intensive systems, software engineering, and engineering management. He serves as an expert witness where complex software engineering issues are involved. He is a visiting professor in software engineering at the University of Oxford and a visiting professor at the University of Bristol and the University of Wales, Aberystwyth. He has advised the U.K. government and the Commission of the European Union on policy in the fields of software engineering and VLSI design. He has had close links with the academic research community throughout his career, as a member of two University Funding Council research assessments in computer science, numerous international conference program committees, and several U.K. government and Research Council panels and boards. He has been a member of the IT Foresight Panel of the U.K. Government Office of Science and Technology, a member of the advisory board for the DERA Systems and Software Engineering Centre, and a member of the Research Advisory Council of the U.K. Civil Aviation Authority. He is a fellow of the British Computer Society and of the Institution of Engineering and Technology. He currently serves on the Engineering and Technology Strategic Panel of the British Computer Society, the IT sector panel of the IET, the advisory group to the Foresight Cyber Trust and Crime Prevention Project, the executive of the U.K. Computing Research Committee, and as a member of the advisory council of the Foundation for Information Policy Research. He is chair of the steering committee for the U.K. Interdisciplinary Research Collaboration on Dependable Systems (DIRC) and a former member of the the U.K. Engineering and Physical Sciences Research Council. In 2007,
he was awarded the Commander of the Order of the British Empire (CBE) for services to software engineering.
Scott Wallsten is a senior fellow and director of communications policy studies at the Progress and Freedom Foundation (PFF) and also a lecturer in Stanford University’s public policy program. Before joining PFF he was a senior fellow at the American Enterprise Institute (AEI)-Brookings Joint Center for Regulatory Studies and a resident scholar at the AEI. He has also served as an economist at The World Bank, a scholar at the Stanford Institute for Economic Policy Research, and a staff economist at the U.S. President’s Council of Economic Advisers. Dr. Wallsten’s interests include industrial organization and public policy, and his research has focused on regulation, privatization, competition, and science and technology policy. His work has been published in numerous academic journals, including the RAND Journal of Economics, the Journal of Industrial Economics, the Journal of Regulatory Economics, and Regulation, and his commentaries have appeared in newspapers throughout the world. He has a Ph.D. in economics from Stanford University.
David Woods is a professor in the Institute for Ergonomics at the Ohio State University. He was president (1998-1999) and is a fellow of the Human Factors and Ergonomic Society and is also a fellow of the American Psychological Society and the American Psychological Association. He has received the Ely Award for best paper in the journal Human Factors, the Kraft Innovators Award from the Human Factors and Ergonomic Society for developing the foundations of cognitive engineering, a Laurels Award from Aviation Week and Space Technology for research on the human factors of highly automated cockpits, an IBM Faculty Award, and five patents for computerized decision aids. He was on the board of the National Patient Safety Foundation from its founding until 2002 and was associate director of the Midwest Center for Inquiry on Patient Safety (GAPS Center) of the Veterans Health Administration from 1999 to 2003. He is coauthor of the monographs Behind Human Error and A Tale of Two Stories: Contrasting Views of Patient Safety and the books Joint Cognitive Systems: Foundations of Cognitive Systems Engineering and Joint Cognitive Systems: Patterns in Cognitive Systems Engineering, and co-editor of Resilience Engineering. His research includes studies of data overload in control centers, critical care medicine, and inferential analysis; field studies of team work between people; and automation in anesthesiology, aviation, space mission operations, disaster response, and health care. His work on how to make systems resilient to improve safety is based on accident investigations in nuclear power, medicine, and space operations. Multimedia overviews of his research are available at <http://csel.eng.ohio-state.edu/woods/>.
Based on this body of work, he has been an advisor to various government agencies and other organizations on issues pertaining to human performance and error, including the Federal Aviation Administration, Nuclear Regulatory Commission, National Patient Safety Foundation, Veterans Health Administration, and National Science Foundation, and was an advisor to the Columbia Accident Investigation Board. Most recently he served on a National Academy of Engineering/ Institute of Medicine study panel that applied engineering to improve health care systems and on a National Research Council panel that defined the future of the national air transportation system. Dr. Woods earned a Ph.D. from Purdue University in 1979.
Lynette I. Millett is a senior program officer and study director at the Computer Science and Telecommunications Board of the National Academies. She is currently involved in several CSTB projects, including a study on software-intensive systems producibility, an assessment of the Social Security Administration’s e-government strategy, and a comprehensive exploration of biometrics systems, among other things. She was the study director for the CSTB project that produced Who Goes There? Authentication Technologies and Their Privacy Implications and IDs—Not That Easy: Questions About Nationwide Identity Systems. Her portfolio includes significant portions of CSTB’s recent work on software and on identity systems and privacy. She has an M.Sc. in computer science from Cornell University, along with a B.A. in mathematics and computer science with honors from Colby College. Her graduate work was supported by both an NSF graduate fellowship and an Intel graduate fellowship.
David Padgham rejoined CSTB as an associate program officer in the spring of 2006 following nearly 2 years as a policy analyst in the Association for Computing Machinery’s (ACM’s) Washington, D.C., Office of Public Policy, where he worked closely with that organization’s public policy committee, USACM. Previously, Mr. Padgham spent nearly 6 years with CSTB, working on—among other things—the studies that produced Trust in Cyberspace; Funding a Revolution; Broadband: Bringing Home the Bits; LC21: A Digital Strategy for the Library of Congress; and The Internet’s Coming of Age. Currently, he is focused on the CSTB projects related to health care informatics, computing performance, and software dependability. He holds a master’s degree in library and information science from the Catholic University of America in Washington, D.C., and a bachelor of arts degree in English from Warren Wilson College in Asheville, N.C.
Gloria Westbrook recently left the Computer Science and Telecommunications Board where she was a senior program assistant. She previously served as the executive assistant to the directors of the Office of Youth Programs and the Youth Opportunity Grant Program at the D.C. Department of Employment Services (DOES). In 2003, Ms. Westbrook was selected to be the lead administrator of a team that successfully administered a $4 million Summer Youth Employment Program that registered over 5,000 District youth. In addition, Ms. Westbrook has also served as the executive assistant to the director of DOES, where she was appointed by the director to serve as his elite liaison to the D.C. mayor and his cabinet, members of the D.C. Council, and members of Congress. While serving in the Director’s Office, Ms. Westbrook received the Meritorious Service Award and the Workforce Development Administrator’s Award of Appreciation for Dedication of Service. She also became a member of the National Association of Executive Secretaries and Administrative Assistants. She attended Duke Ellington School of the Performing Arts for ballet and went on to further her dance education at the University of the Arts in Philadelphia.
Phil Hilliard was a research associate with the Computer Science and Telecommunications Board until May 2004. He provided research support as part of the professional staff and worked on projects focusing on telecommunications research, supercomputing, and dependable systems. Before joining the National Academies, he worked at BellSouth in Atlanta, Georgia, as a competitive intelligence analyst and at NCR as a technical writer and trainer. He has a master’s in library and information science from Florida State University, an M.B.A. from Georgia State University, and a B.S. in computer and information technology from the Georgia Institute of Technology.
Penelope Smith worked temporarily with the Computer Science and Telecommunications Board between February and July 2004 as a senior program assistant. Prior to joining the National Academies, she worked in rural Angola as a health project manager and community health advisor for Concern Worldwide. She also worked for Emory University as a project coordinator and researcher on reproductive health and HIV and for the Centers for Disease Control as a technology transfer evaluator for HIV/AIDS programs. She earned an M.P.H. from Emory University and a B.A. in medical anthropology from the University of California at Santa Cruz. She is also a certified health education specialist.