Chris Wysopal

Chris Wysopal, co-founder and CTO of CA Veracode, is recognized as an expert and a well-known speaker in the information security field. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At CA Veracode, Mr. Wysopal is responsible for the security analysis capabilities of CA Veracode technology.
Posts by Chris Wysopal

Application Security Debt and Application Interest Rates

February 25, 2011  | Research 3

Technical Debt. Architects and developers are well aware of the term technical debt but many in the security community have never heard of this concept. Ward Cunningham, a programmer who developed the first wiki program, describes it like this: Shipping first time code is like going into debt. A little debt speeds development so long as it is paid back promptly with a rewrite... The danger occurs... READ MORE

CA Veracode Recognized as a Leader in the Magic Quadrant for Static Application Security Testing

December 15, 2010  | Research

The 2010 Gartner Magic Quadrant for Static Application Security Testing (SAST) has been published and CA Veracode is recognized as a leader. We are pleased to be able to share the leaders' position with IBM and HP, two of the biggest and oldest companies in information technology. I am very proud of the work the CA Veracode team has been able to accomplish as a 4.5 year old company. To get our... READ MORE

Mobile App Top 10 List

December 13, 2010  | Research

The Top 10 Mobile Application Risks, or “Mobile App Top 10” for short, is designed to educate developers and security professionals about the mobile application behavior that puts users at risk. This behavior can be maliciously designed or inadvertent. Modern mobile applications run on mobile devices that have the functionality of a desktop or laptop running a general purpose... READ MORE

CA Veracode Research Team Gives 5 Predictions for 2011

December 8, 2010  | Research

As we close out a security-eventful 2010, the CA Veracode research team thought it would be a good idea to think about what we are likely to see happen in 2011. Here are 5 predictions we believe will have a very good chance of coming true. 1. Sandboxing goes mainstream with adoption by Firefox and Internet Explorer Sandboxing can prevent the exploitation of coding errors by preventing code running... READ MORE

More Vulnerabilities Discovered in Siemens Software

September 27, 2010  | Research

When the Stuxnet worm that attacks Siemens SIMATIC systems was first discovered and made public, one of the first vulnerabilities in the software that was found was a hard coded password. This allowed Stuxnet to steal project information from databases used by Siemens SIMATIC systems. Symantec researchers have found another vulnerability which allows Stuxnet to spread via project files used by... READ MORE

The Sparsely Attended Sept 12, 2001 Hearing: "How Secure Is Our Critical Infrastructure?"

September 22, 2010  | Research

A little over a week ago it was the 9th anniversary of the 9-11 attack against the US. The following day, September 12th, 2001, I was scheduled to testify before the US Senate Committee on Governmental Affairs for a hearing titled, "How Secure is Our Critical Infrastructure?" The hearing went on but no one outside of DC was able to get there in time. The following is the written... READ MORE

Deadly Combo: Zero Day Application Vulnerability + OS Vulnerability = Attacker Win

July 22, 2010  | Research 7

The recent Siemens WinCC SCADA targeted malware packages a zero day application vulnerability with a zero day OS vulnerability. The OS vulnerability in Windows creates a worm capability to get to the target, and once on the target the application vulnerability allows compromise of the application's data. The vulnerabilities are used in stages: Stage 1: Use a Windows OS vulnerability for... READ MORE

Website Vulnerability Research and Disclosure

June 14, 2010  | Research 5

Vulnerability disclosure is in the spotlight again. First it was Tavis Ormandy disclosing a vulnerability in Microsoft Windows before Microsoft had a fix available. Now a group called Goatse Security has disclosed a vulnerability in an AT&T website that affects Apple iPad 3G owners. The Wall Street Journal reports on the repercussions against vulnerability researchers in “Computer... READ MORE

Which Tastes Better for Security, Java or .NET?

June 1, 2010  | Research

In his blog, Gartner analyst Neil MacDonald asks the question, "Is .NET More Secure Than Java?". CA Veracode provided data to help answer this question from our "State of Software Security Report" which contains the static analysis results from 1591 Java, .NET and C/C++ applications. .NET comes out slightly ahead. ...the vulnerability density (average flaws per MB of code... READ MORE

MC Frontalot Releases "Zero Day"

April 6, 2010  | Research

"Zero Day" the album that is. Wired has a review. You can read the full lyrics on Frontalot's site. Here is a snippet: Press play, prepare as history is made: "largest hack in one day," all the headlines will say. All out of time, hear the chime from the buzzer. Found this bug on my own, no need for a fuzzer. "It's already too late," spreading as we planned... READ MORE
