Chris Wysopal

Chris Wysopal, co-founder and CTO of Veracode, is recognized as an expert and a well-known speaker in the information security field. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology.
Posts by Chris Wysopal

Leading the Transformation of Secure Software Development for our Application Economy

April 5, 2017  | Secure Development

When Christien Rioux and I started Veracode more than ten years ago, we did so with the mission of securing the world’s software. We believe all software should undergo some level of security testing. Throughout our history that mission remained constant despite the rapid evolution of how software was built, bought and deployed. You see, though the world was changing, it changed in such a...

Airbags and AppSec: Changing the Mindset on Software Security

December 13, 2016  | Managing AppSec

In the early 1960s, cars were unsafe. And the car industry’s attitude was: cars are just unsafe, and that’s the risk you take. But then the public started calling attention to the issue (with some help from Ralph Nader), refusing to simply accept that risk, and things started changing. Regulations emerged, car manufacturers started building security in, and we now have seatbelts,...

Vulnerability Hype: No Longer Helping Improve AppSec Awareness

March 25, 2016  | Security News

It used to be a vulnerability was disclosed, a few people who paid attention to such things blogged about it, patches were made, and we went about our day. During this time, not enough people understood the importance of application security and remediating vulnerabilities. It wasn’t mainstream, and it certainly wasn’t considered major news. Application security just wasn’t...

No One Technology is a Silver Bullet

September 23, 2015  | Research

Can one approach to application security solve all your problems? Of course this is a silly question as anyone who is tasked with reducing the risk of their application layer knows. The only people who ask this question are vendors … who of course have a vested interest in drumming up business for their offerings. This week we’re all treated to watch this spectacle play out in the...

GHOST Highlights How Vulnerable Components Can Haunt an Enterprise

February 2, 2015  | Research

Last week, a security alert was issued disclosing a critical buffer overflow vulnerability on Linux systems. The vulnerability known as GHOST (CVE-2015-0235) impacts applications running on Linux systems using glibc version 2. This is a serious vulnerability because it has a high impact when exploited, and the vulnerability is very widespread, due to the sheer number of public-facing Linux...

Shellshock – what you need to know

September 25, 2014  | Research

News of the Bash Bug/Shellshock vulnerability is being widely covered since the Ars Technica article published yesterday afternoon. There is speculation that this bug is going to be more catastrophic than Heartbleed, and like the much publicized OpenSSL vulnerability, we won’t know the full extent of its impact for some time. There are still some major questions to be answered, but...

Coming to a computer near you, SQL: The Sequel

August 8, 2014  | Research

It might sound like a bad movie, but it’s playing out in real life – despite what seems like endless hacks using SQL injections, SQLi related breaches keep turning up like a bad penny. Most recently, Hold Security reported that they discovered a breach by Russian Hacker Ring. While details of this series of breaches are still surfacing, it is time for enterprises to start taking web...

Cloud or Not - Third-Party Software Adds Unnecessary Risk

June 13, 2014  | Research

Don't be misled regarding the security implications of cloud-based software.

There’s been some discussion regarding the Cloud Could Triple Odds of $20M Data Breach research findings by Ponemon – so I thought I would weigh in on this issue. Risky software, regardless of deployment method, is what is adding unnecessary risk to organizations. This is especially true with...

Improving Software Security Through Vendor Transparency

June 12, 2014  | Research

Chris Wysopal moderates a panel discussion at the FS-ISAC & Bits Annual Summit 2014

According to Gartner, enterprises are getting better at defending traditional network perimeters, so attackers are now targeting the software supply chain. This has made third-party software – including commercial and outsourced applications, third-party frameworks and open source code -- the...

Benefits of Binary Static Analysis

May 19, 2014  | Research

1. Coverage, both within applications you build and within your entire application portfolio

One of the primary benefits of binary static analysis is that it allows you to inspect all the code in your application. Mobile apps especially have binary components, but web apps, legacy back office and desktop apps do too. You don’t want to only analyze the code you compile from source but also...
