Skip to main content

Chris Eng

Chris Eng, Chief Research Officer, is responsible for integrating security expertise into Veracode’s technology. In addition to helping define and prioritize the security feature set of the Veracode service, he consults frequently with customers to discuss and advance their application security initiatives. With over 15 years of experience in application security, Chris brings a wealth of practical expertise to Veracode.

Posts by Chris Eng
  • How One College Professor Is Trying to Address the Cybersecurity Skills Gap

    Software development is ever-evolving, and with that demand for innovation and scale comes the need to ensure software is secure. Many enterprise organizations have invested in AppSec to help them identify security flaws throughout the development process. However, within higher education, secure coding skills are often not part of computer science or software engineering curriculums. At Tufts… READ MORE

Stay up to date on Application Security

  • Abstinence Not Required: Protecting Yourself Until the Privacy Utopia Arrives

    Nude photos of various celebrities were leaked to all corners of the Internet a few short days ago. You already know that by now. Thank you iCloud???? — Kirsten Dunst (@kirstendunst) September 1, 2014 As we wait impatiently for the rest of the gory technical details surrounding the compromise(s), many in the security echo chamber have been debating how we ended up here and whether the celebs… READ MORE

  • Stop Freaking Out About Facebook Messenger

    Facebook recently announced that mobile chat functionality would soon require users to install Facebook Messenger. Fueled by the media, many people have been overreacting about the permissions that Messenger requests before taking time to understand what the true privacy implications were. In a nutshell, Messenger is hardly an outlier relative to the other social media apps on your phone. Why the… READ MORE

  • Agile SDLC Q&A with Chris Eng and Ryan O’Boyle – Part II

    Welcome to another round of Agile SDLC Q&A. Last week Ryan and I took some time to answer questions from our webinar, "Building Security Into the Agile SDLC: View from the Trenches"; in case you missed it, you can see Part I here. Now on to more of your questions! Q. What would you recommend as a security process around continuous build… READ MORE

  • Agile SDLC Q&A with Chris Eng and Ryan O'Boyle - Part I

    Recently, Ryan O’Boyle and I hosted the webinar “Building Security Into the Agile SDLC: View From the Trenches”. We would like to take a minute to thank all those who attended the live broadcast for submitting questions. There were so many questions from our open discussion following the webinar that we wanted to take the time to follow up and answer them. So without further ado, the Q&A. Q.… READ MORE

  • Veracode Picks for BlackHat 2013

    Here we go again. BlackHat time. Where to Find Us Veracode will be exhibiting at Booth #238. Please stop by and see us! Our Picks As usual, a few of us on the Veracode Research team are sharing our picks for the most interesting talks. Some were picked by more than one of us but I've only listed them once to save space. It's cool to see more binary analysis talks making it on to the program.… READ MORE

  • To Be a Secure Developer, Learn the Fundamentals

    When I studied computer science in college, the curriculum wasn’t designed to teach all the different programming languages with the goal of becoming as “multi-lingual” as possible. Instead we focused on conceptual areas -- data structures, machine structures, algorithms, etc. The languages with which you chose to illustrate those concepts were secondary to the concepts themselves. I believe most… READ MORE

  • Android Apps Phoning Home
    January 22, 2013  | Research
    Android Apps Phoning Home

    Last fall, we acquired some cool mobile security technology that we've been feverishly working to integrate and bring to market for a few different use cases. By way of introduction, the Marvin technology gives us a way to quickly assess various characteristics of a mobile app and identify new variants of mobile malware. That's done through a combination of quick static analysis and instrumented… READ MORE

  • Veracode Research at BlackHat 2012

    It's that time of year again. Veracode's security research team and our Chief Scientist will be at the Vegas cons in force this year engaging in the usual roguery. Here's where to see us speaking: Christien Rioux, "Lessons of Binary Analysis", BlackHat, July 26, 10:15am Zach Lanier and Andrew Reiter, "Mapping and Evolution of Android Permissions", BlackHat, July 26, 2:15pm Chris Lytle, "Puzzle… READ MORE

  • Finding the Veracode Research Team at RSA

    We're all getting ready for the yearly RSA pilgrimage. I thought I'd put together a quick post on where you can find Veracode founders and members of the Veracode Research team out at RSA. We're looking forward to some great conversations and networking. Conference Presentations Chris Wysopal, Monday 9:30-10:20am. PANEL: National and International Security Standards -- The Viability of Cross-… READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.