Skip to main content

Chris Eng

Chris Eng, Chief Research Officer, is responsible for integrating security expertise into Veracode’s technology. In addition to helping define and prioritize the security feature set of the Veracode service, he consults frequently with customers to discuss and advance their application security initiatives. With over 15 years of experience in application security, Chris brings a wealth of practical expertise to Veracode.

Posts by Chris Eng
  • New Year’s Resolution: Do Software Better

    Assuming our civilization isn’t swept away in a Mayan apocalypse, 2012 will soon give way to a New Year. And, with it, new challenges. To get a sense about what those might be, Paul Roberts called three noted security experts - many newsmakers in their own right - and asked them to gaze into the crystal ball and see what might await us in the New Year. First up is... Joshua Corman, Director,… READ MORE

Stay up to date on Application Security

  • DARPA Joins Those Digging Deep Into Software Supply Chain

    Supply chain integrity has always been the “madwoman in the attic” of IT security programs - a problem so complicated and devilish and nasty, that nobody wanted to deal with it. Best to stuff it away and try to forget, right? But when the U.S. Congress starts holding hearings about supply chain security and calling the executives of global technology firms to testify, just pretending… READ MORE

  • The Merchant of Malta: Who’s To Blame When Vulns Fetch A Price?

    There’s a great scene in Shakespeare’s The Merchant of Venice, where Shylock, the reviled money lender, is summoned to court to appear before the Duke of Venice, who is looking for a way that the bankrupt Antonio, the play’s namesake, can be absolved of his bond to Shylock - the now infamous “pound of flesh.” It’s a riveting scene. Bassanio - Antonio’s friend - offers to pay Shylock many times… READ MORE

  • Software Security Needs Its Nate Silver

    Nate Silver, the rock star statistician behind the New York Times FiveThirtyEight blog, became an unwilling player in the heated political rhetoric ahead of the Nov 6. Presidential election. Silver covers politics and other news from the viewpoint of a statistician: putting the rhetoric and the political consultant’s alchemy aside to look at the numbers. Despite a breathless narrative about the… READ MORE

  • Verifiable Voting Loses (Again) On Election Day

    To paraphrase the late President Gerald Ford: “our long national nightmare is not over” - at least when it comes to the integrity of the U.S. voting system. True, Tuesday’s Presidential election in the U.S. didn’t result in deadlocked vote counts, hanging chads or court challenges. But all the ingredients were there. First among them: a hackneyed and insecure vote collection system that fails to… READ MORE

  • California Pushes Mobile App Shops For Clarity on Privacy - But Will it Matter?

    California’s Attorney General issued a warning to mobile developers this week: come clean about what kinds of user data you collect - or else! It was a laudable act - especially in the face of federal government indifference. But more daylight may not make users any safer. After hammering out an agreement with platform providers Amazon, Apple, HP and RIM in February to improve privacy protections… READ MORE

  • Not to Say We Told You So but...Why the Insecure Apps Story Isn’t News (And Isn’t Just About Mobile)

    Two reports out in the last week have raised alarms about the vulnerability of popular applications to man in the middle attacks and other snooping. Alas - this isn’t really a new problem...and it isn’t limited to mobile applications either! The presentations by researchers at the annual Conference on Computer and Communications Security (CCS 2012), (http://www.sigsac.org/ccs/CCS2012/techprogram.… READ MORE

  • Chasing Shadows in the IT Supply Chain

    Has our security been compromised before the shrink wrap is even off the box? The U.S. House of Representatives went on record this month with a warning to U.S. industry of the danger of compromised supply chains. But getting to the bottom of the supply chain threat will require more than just tough talk. Here's a scary thought: what if the biggest threat to the economic- and physical security of… READ MORE

  • Bad Piggies, Graffiti and the IRT

    How bad is Google’s application security problem? Think “New York City in the 1970s.” Just like New York during those dark days, Google faces a myriad of problems: many of its own making. And the Silicon Valley star might consider looking to Gotham for inspiration as it tries to turn things around. Have you ever seen those gritty photos of the New York City subway from the 1970s? You know the… READ MORE

  • Enterprise App Stores: Walled Gardens, or a Security Mirage?

    Enterprise app stores are all the rage, but do they solve the BYOD security conundrum? The short answer: “no.” The trend that Forrester Research famously dubbed the “consumerization of IT” is, just a short time later, accepted practice in the modern workplace. We see it every day, as workers migrate off of older generation cell phones to powerful smart phones like the iPhone and Android devices… READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.