Chris Eng

Chris Eng, vice president of research, is responsible for integrating security expertise into Veracode’s technology. In addition to helping define and prioritize the security feature set of the Veracode service, he consults frequently with customers to discuss and advance their application security initiatives. With over 15 years of experience in application security, Chris brings a wealth of practical expertise to Veracode.
Posts by Chris Eng

Abstinence Not Required: Protecting Yourself Until the Privacy Utopia Arrives

September 3, 2014  | Research

Nude photos of various celebrities were leaked to all corners of the Internet a few short days ago. You already know that by now. Thank you iCloud???? — Kirsten Dunst (@kirstendunst) September 1, 2014 As we wait impatiently for the rest of the gory technical details surrounding the compromise(s), many in the security echo chamber have been debating how we ended up here and whether the... READ MORE

Stop Freaking Out About Facebook Messenger

August 12, 2014  | Research

Facebook recently announced that mobile chat functionality would soon require users to install Facebook Messenger. Fueled by the media, many people have been overreacting about the permissions that Messenger requests before taking time to understand what the true privacy implications were. In a nutshell, Messenger is hardly an outlier relative to the other social media apps on your phone. Why the... READ MORE

Agile SDLC Q&A with Chris Eng and Ryan O’Boyle – Part II

April 16, 2014  | Research

Welcome to another round of Agile SDLC Q&A. Last week Ryan and I took some time to answer questions from our webinar, "Building Security Into the Agile SDLC: View from the Trenches"; in case you missed it, you can see Part I here. Now on to more of your questions! Q. What would you recommend as a security process around continuous build? Chris-107x150_33.jpg Chris: It... READ MORE

Agile SDLC Q&A with Chris Eng and Ryan O'Boyle - Part I

April 10, 2014  | Research

Recently, Ryan O’Boyle and I hosted the webinar “Building Security Into the Agile SDLC: View From the Trenches”. We would like to take a minute to thank all those who attended the live broadcast for submitting questions. There were so many questions from our open discussion following the webinar that we wanted to take the time to follow up and answer them. So without further ado... READ MORE

Veracode Picks for BlackHat 2013

July 29, 2013  | Research

Here we go again. BlackHat time. Where to Find Us Veracode will be exhibiting at Booth #238. Please stop by and see us! Our Picks As usual, a few of us on the Veracode Research team are sharing our picks for the most interesting talks. Some were picked by more than one of us but I've only listed them once to save space. It's cool to see more binary analysis talks making it on to the... READ MORE

To Be a Secure Developer, Learn the Fundamentals

June 21, 2013  | Research 3

When I studied computer science in college, the curriculum wasn’t designed to teach all the different programming languages with the goal of becoming as “multi-lingual” as possible. Instead we focused on conceptual areas -- data structures, machine structures, algorithms, etc. The languages with which you chose to illustrate those concepts were secondary to the concepts... READ MORE

Android Apps Phoning Home

January 22, 2013  | Research

Last fall, we acquired some cool mobile security technology that we've been feverishly working to integrate and bring to market for a few different use cases. By way of introduction, the Marvin technology gives us a way to quickly assess various characteristics of a mobile app and identify new variants of mobile malware. That's done through a combination of quick static analysis and instrumented... READ MORE

Veracode Research at BlackHat 2012

July 23, 2012

It's that time of year again. Veracode's security research team and our Chief Scientist will be at the Vegas cons in force this year engaging in the usual roguery. Here's where to see us speaking: Christien Rioux, "Lessons of Binary Analysis", BlackHat, July 26, 10:15am Zach Lanier and Andrew Reiter, "Mapping and Evolution of Android Permissions", BlackHat, July 26, 2:15pm Chris Lytle, "Puzzle... READ MORE

Finding the Veracode Research Team at RSA

February 24, 2012

We're all getting ready for the yearly RSA pilgrimage. I thought I'd put together a quick post on where you can find Veracode founders and members of the Veracode Research team out at RSA. We're looking forward to some great conversations and networking. Conference Presentations Chris Wysopal, Monday 9:30-10:20am. PANEL: National and International Security Standards -- The Viability of Cross-... READ MORE

Delivering Unhappiness

January 16, 2012  | 5

You've probably read by now that online retailer Zappos suffered a security breach affecting over 24 million customers. As a Zappos customer, I received the email last night alerting me about the breach. I got a nearly identical email from their sister company,, as well. This is a clear sign that I buy too many shoes. What's interesting to me about this breach is that Zappos is renowned... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.




contact menu