Skip to main content

Chris Wysopal

Chris Wysopal, co-founder and CTO of Veracode, is recognized as an expert and a well-known speaker in the information security field. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology.

Posts by Chris Wysopal
  • SQLite Vulnerability May Be Putting Your Applications at Risk

    Late last week, Tencent announced that researchers from its Blade Team had discovered a remote code execution (RCE) vulnerability in SQLite, dubbed Magellan. SQLite is a very popular embedded SQL server. It is one of the components inside many thousands of applications, including the Google Chromium browser. Google has since updated Chromium to contain the fixed version of SQLite, version 3.26.0… READ MORE

Stay up to date on Application Security

  • Veracode at Black Hat Europe 2018

    We recently published the 9th volume of our State of Software Security (SoSS) report, and although there are some bright spots, the overall state of software security remains a work in progress. Nowhere is this more true than in Europe. In separate research conducted earlier this year, we found that organizations in Europe are very aware of and concerned about application security. A staggering… READ MORE

  • What About the Testing You Can't Automate?

    The shift to DevSecOps is altering the security role in some fundamental ways. We’ve seen this new environment changing not only the security team’s tasks and responsibilities, but also their mindset. Specifically, the security team has had to shift from thinking like a “breaker” to thinking like a “builder.” Rather than focusing on auditing the code at the end of the development cycle, they now… READ MORE

  • Looking Ahead to RSA: Why AppSec Will Take Center Stage

    RSA Conference is unquestionably the biggest security event of the year. With so many companies showcasing the latest and greatest in security technology and solutions, it’s very difficult to stand out amongst the crowd. However, in light of recent headlines, it’s evident that securing the software that powers our digital economy will be a major talking point at this year’s show. With that in… READ MORE

  • How to Prevent a Breach From Spring Break

    Spring Break, the latest named vulnerability, is more serious than the moniker implies. Spring Break is a critical remote code execution vulnerability in Pivotal Spring REST, one of the most popular frameworks for building web applications, and the effects of this vulnerability are widespread. A patch for Spring Break has been available since September of last year, but the vulnerability broke… READ MORE

  • Top 4 Ways Veracode Integrations Make Security's Job Easier

    The Veracode Application Security Platform integrates seamlessly with the development, security and risk-tracking tools you already use. And, our flexible API allows you to create your own custom integrations or use community integrations, built by the open source community and other technology partners. But what do these integrations mean for a security professional charged with AppSec? How do… READ MORE

  • WannaCry Ransomware Attack Is a Symptom of a Much Bigger Problem

    In the wake of one of the largest-ever cyberattacks – the fast-spreading WannaCry ransomware, which hit over 300,000 computers in 150 countries – it’s important to look at what went wrong and how to prevent it from happening again. Yet as we look for lessons from this devastating attack, it would be a mistake to see WannaCry as just a really destructive form of ransomware – it is a sign of latent… READ MORE

  • Leading the Transformation of Secure Software Development for our Application Economy

    When Christien Rioux and I started Veracode more than ten years ago, we did so with the mission of securing the world’s software. We believe all software should undergo some level of security testing. Throughout our history that mission remained constant despite the rapid evolution of how software was built, bought and deployed. You see, though the world was changing, it changed in such a way… READ MORE

  • Airbags and AppSec: Changing the Mindset on Software Security

    In the early 1960s, cars were unsafe. And the car industry’s attitude was: cars are just unsafe, and that’s the risk you take. But then the public started calling attention to the issue (with some help from Ralph Nader), refusing to simply accept that risk, and things started changing. Regulations emerged, car manufacturers started building security in, and we now have seatbelts, airbags, and… READ MORE

  • Vulnerability Hype: No Longer Helping Improve AppSec Awareness

    It used to be a vulnerability was disclosed, a few people who paid attention to such things blogged about it, patches were made, and we went about our day. During this time, not enough people understood the importance of application security and remediating vulnerabilities. It wasn’t mainstream, and it certainly wasn’t considered major news. Application security just wasn’t getting the attention… READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.