Matt Bishop received his Ph.D. in computer science from Purdue University, where he specialized in computer security, in 1984. He was a research scientist at the Research Institute of Advanced Computer Science and on the faculty at Dartmouth College before joining the Department of Computer Science at the University of California at Davis.

His main research area is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. He works in network security, resilience, attribution, policy modeling, software assurance testing, and formal modeling of access control. He worked on numerous analyses of e-voting systems including the RABA study in Maryland, and was one of the two principle investigators of the California Top-to-Bottom Review, which performed a technical review of all electronic voting systems certified in the State of California.

He is active in cybersecurity education, and received the 2022 IEEE Computer Society Taylor L. Booth Education Award. He co-led the Joint Task Force that developed the ACM/IEEE/ASIS SIGSAC/IFIP WG11.8 Cybersecurity Curricular Guidelines. The second edition of his textbook, "Computer Security: Art and Science", was published in November 2018 by Addison-Wesley Professional. He teaches introductory programming, operating systems, and computer security.