Chris Wysopal is CTO at Veracode, which he co-founded in 2006. He oversees technology strategy and information security. Prior to Veracode, Chris was vice president of research and development at security consultancy @Stake, which was acquired by Symantec.
In the 1990s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified before the U.S. Congress on the subjects of government security and how vulnerabilities are discovered in software.
Chris holds a bachelor of science degree in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.
The opinions expressed in this blog are those of Chris Wysopal and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.
The next few years will see AI tip the scales back and forth between threat actors and security teams protecting the enterprise. Collaboration with government is key to the tech industry coming out ahead.
Some of the most pressing threats to our national security are found not in the physical world, but in cyberspace. It's past time for our nation to adapt to the changing landscape and bring our security infrastructure up to speed.
Using these risky snippets of code has become standard for developers, but what do they actually think about them?
Hint: hit them where it hurts the most – their own personal reputation and livelihood.
The application security headlines of the year 2017 seemed like more of the same grim news, but some AppSec trends are reasons to be hopeful.
There are a lot of ways that companies are missing the mark on AppSec, but there are a lot of ways they aren’t, and we can learn a lot from those that are doing it right.
Component use in development isn’t going away, and neither is its accompanying risk.
DevOps is turning out to be more security-friendly than most pundits predicted.