Chris Wysopal

Chris Wysopal, co-founder and CTO of Veracode, is recognized as an expert and a well-known speaker in the information security field. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology.
Posts by Chris Wysopal

Top 4 Ways Veracode Integrations Make Security's Job Easier

August 23, 2017  | Managing AppSec

The Veracode Application Security Platform integrates seamlessly with the development, security and risk-tracking tools you already use. And, our flexible API allows you to create your own custom integrations or use community integrations, built by the open source community and other technology partners. But what do these integrations mean for a security professional charged with AppSec? How do... READ MORE

WannaCry Ransomware Attack Is a Symptom of a Much Bigger Problem

May 15, 2017  | Secure Development | Security News

WannaCry Ransomware Attack

In the wake of one of the largest-ever cyberattacks – the fast-spreading WannaCry ransomware, which hit over 300,000 computers in 150 countries – it’s important to look at what went wrong and how to prevent it from happening again. Yet as we look for lessons from this devastating attack, it would be a mistake to see WannaCry as just a really destructive form of ransomware – it is a sign of latent... READ MORE

Leading the Transformation of Secure Software Development for our Application Economy

April 5, 2017  | Secure Development

When Christien Rioux and I started Veracode more than ten years ago, we did so with the mission of securing the world’s software. We believe all software should undergo some level of security testing. Throughout our history that mission remained constant despite the rapid evolution of how software was built, bought and deployed. You see, though the world was changing, it changed in such a... READ MORE

Airbags and AppSec: Changing the Mindset on Software Security

December 13, 2016  | Managing AppSec

In the early 1960s, cars were unsafe. And the car industry’s attitude was: cars are just unsafe, and that’s the risk you take. But then the public started calling attention to the issue (with some help from Ralph Nader), refusing to simply accept that risk, and things started changing. Regulations emerged, car manufacturers started building security in, and we now have seatbelts,... READ MORE

Vulnerability Hype: No Longer Helping Improve AppSec Awareness

March 25, 2016  | Security News

It used to be a vulnerability was disclosed, a few people who paid attention to such things blogged about it, patches were made, and we went about our day. During this time, not enough people understood the importance of application security and remediating vulnerabilities. It wasn’t mainstream, and it certainly wasn’t considered major news. Application security just wasn’t... READ MORE

No One Technology is a Silver Bullet

September 23, 2015  | Research

Can one approach to application security solve all your problems? Of course this is a silly question as anyone who is tasked with reducing the risk of their application layer knows. The only people who ask this question are vendors … who of course have a vested interest in drumming up business for their offerings. This week we’re all treated to watch this spectacle play out in the... READ MORE

GHOST Highlights How Vulnerable Components Can Haunt an Enterprise

February 2, 2015  | Research

Last week, a security alert was issued disclosing a critical buffer overflow vulnerability on Linux systems. The vulnerability known as GHOST (CVE-2015-0235) impacts applications running on Linux systems using glibc version 2. This is a serious vulnerability because it has a high impact when exploited, and the vulnerability is very widespread, due to the sheer number of public-facing Linux... READ MORE

Shellshock – what you need to know

September 25, 2014  | Research

shellshock-a-bug-called-bash.png News of the Bash Bug/Shellshock vulnerability is being widely covered since the Ars Technica article published yesterday afternoon.  There is speculation that this bug is going to be more catastrophic than Heartbleed, and like the much publicized OpenSSL vulnerability, we won’t know the full extent of its impact for some time. There are... READ MORE

Coming to a computer near you, SQL: The Sequel

August 8, 2014  | Research

It might sound like a bad movie, but it’s playing out in real life – despite what seems like endless hacks using SQL injections, SQLi related breaches keep turning up like a bad penny. GI-Joe.jpg Most recently, Hold Security reported that they discovered a breach by Russian Hacker Ring. While details of this series of breaches are still surfacing, it is time for... READ MORE

Cloud or Not - Third-Party Software Adds Unnecessary Risk

June 13, 2014  | Research

cloud-security-concerns-300x223_2.jpg Don't be misled regarding the security implications of cloud-based software.   There’s been some discussion regarding the Cloud Could Triple Odds of $20M Data Breach research findings by Ponemon – so I thought I would weigh in on this issue. Risky software, regardless of deployment method, is what is adding unnecessary... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu