Matt Bishop received his Ph.D. in computer science from Purdue University, where he specialized in computer security, in 1984. He was a research scientist at the Research Institute of Advanced Computer Science and on the faculty at Dartmouth College before joining the Department of Computer Science at the University of California at Davis, where he is a Distinguished Professor.

His main research area is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. He works in network security, resilience, attribution, policy modeling, software assurance testing, and formal modeling of access control. He worked on numerous analyses of e-voting systems including the RABA study in Maryland, and was one of the two principle investigators of the California Top-to-Bottom Review.

He is a member of the ISSA Hall of Fame, the Cybersecurity Hall of Fame, a Distinguished Member of the ACM, and received the IEEE Computer Society Taylor L. Booth Education Award in 2022.

He co-led the Joint Task Force that developed the 2017 Cybersecurity Curricular Guidelines. His textbook "Computer Security: Art and Science", second edition, was published in 2018 by Addison-Wesley Professional. He teaches programming, operating systems, and computer security.