Chris Wysopal

Chris Wysopal, co-founder and CTO of Veracode, is recognized as an expert and a well-known speaker in the information security field. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology.
Posts by Chris Wysopal

Boston/Cambridge InfoSecurity Events

December 18, 2007

Bob Martin is giving a talk tonight at the Boston Software Process Improvement Network (SPIN) meeting on "Software Security Weaknesses - Avoiding and Testing". The meeting is at MITRE in Bedford in the basement conference center of M-Building (the one next to the parking garage). Pizza and discussions at 6pm, talk at 7:10pm. It's open to anyone....

Risk vs Vulnerability

December 18, 2007

George Ou has an interesting analysis of Microsoft OS vs Apple OS vulnerability counts. Anything comparing the security of these two companies becomes controversial. I think that any analysis of vulnerability counts should include a paragraph on risk vs. vulnerabilities to defuse the Mac fanboys. I might be able to leave my backdoor safely unlocked (a vulnerability) in the suburbs of Boston in...

Veracode Makes 10 IT Security Companies to Watch

October 16, 2007

Network World has named Veracode to their 10 IT Security Companies to Watch. Sim Simeonov has some commentary on this in his blog.

External Code in the Software Development Process

October 16, 2007

Recently I got a message from Kelley Jackson Higgins of Dark Reading. She was looking for some comments on Fortify Software's new paper on "Cross Build Injection" or "XBI". I had read the paper and, while I think the issues are real, the way they are framed they miss the big picture. So I figured I would partake in a little "XPI", that's "Cross Publicity Injection", and take this opportunity to...

Exploits of a Mom

October 10, 2007

XKCD has a funny web security theme today:

Friday Hacker Brainstorming

October 5, 2007

Sometimes when you are deep in the forest looking at one branch of one tree, trying to reduce false negative rates for detecting a specific class of software vulnerability, it is useful to step back and look at the forest of what is going on in criminal hacking. Today we were throwing some ideas around the office about hacking techniques we had seen reported. This got the discussion flowing...

Security Policy Without Enforcement Doesn't Work

September 13, 2007

One of my first "real" jobs in security back in the 90's was working as an IT security engineer for a government contractor and internet backbone provider. One of our tasks was finding people who bridged the internal network with the internet. We found one guy who had been running his own ecommerce business on our external network. He showed up on our scans because he had 2 network interfaces on...

Backdoor Detection in the News

July 26, 2007

There has been some talk in the press lately about backdoors due to the recent court case where it was disclosed that federal agents planted a keystroke logger on a suspect’s computer using a trojan program. Many of the articles don’t report on the court case but raise the question as Declan McCullagh titles his article, “Will security firms detect police spyware?” You can see the security cat...

Chris Wysopal Interviewed by Christofer Hoff

June 26, 2007

A few days ago Christofer Hoff interviewed me on his blog. We talked about Veracode and the application security industry. Click here to read the interview: Take 5- Five Questions for Chris Wysopal, CTO Veracode

Your Browser Requests To Be Exploited

April 25, 2007

Client-side browser vulnerabilities, the ones that require the browser software on your computer to make a request to a web site hosting a malicious web page, are on a sharp rise. Sophos reports: From January to the end of March, Sophos identified an average of 5,000 new infected webpages every day, indicating that this route to infection is becoming more popular with cybercriminals. and Not all...
