Chris Wysopal

Opinions expressed by ICN authors are their own.

Chris Wysopal is CTO at Veracode, which he co-founded in 2006. He oversees technology strategy and information security. Prior to Veracode, Chris was vice president of research and development at security consultancy @Stake, which was acquired by Symantec.

In the 1990s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified before the U.S. Congress on the subjects of government security and how vulnerabilities are discovered in software.

Chris holds a bachelor of science degree in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.

The opinions expressed in this blog are those of Chris Wysopal and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.

The ethics of creating secure software

Blockchain only as strong as its weakest link

The blockchain might be secure, but is all the software interacting with it? In many cases, no. We’ve seen an increase in cyberattacks due to vulnerabilities in the software side of the blockchain, from wallets to smart contracts...

Keeping the Stars and Stripes secure

Cybersecurity in the government sector has dominated the headlines the past couple years. Should we be concerned? What’s the reality, how did we get here, and what should government entities focus on moving forward?

The good, the bad & the ugly of using open source code components

Component use in development is here to stay. But so are the vulnerabilities lurking in these code snippets. What do developers think about this? Are they concerned, are they frustrated? What’s their take on this problem? We recently...

How to approach business leaders about cybersecurity when they don’t follow the breach headlines

Hint: hit them where it hurts the most – their own personal reputation and livelihood.

3 big application security trends of 2017

The application security headlines of the year 2017 seemed like more of the same grim news, but some appsec trends are reasons to be hopeful.

Application security: what’s working

There are a lot of ways that companies are missing the mark on AppSec, but there are a lot of ways they aren’t, and we can learn a lot from those that are doing it right.

Is 'secure open source component use' an oxymoron?

Component use in development isn’t going away, and neither is its accompanying risk.

DevOps as an AppSec enabler

DevOps is turning out to be more security-friendly than most pundits predicted.

Choose your devsecops team wisely: Your apps depend on it

How choosing the right team will keep your business secure and help it keep pace with the sprinting speeds demanded by the market.

Preparing for the professional cybercrime industry

Ransomware is a growing segment of the cybercrime industry and it's driving a lot of changes in the way hackers operate. Businesses need to know what's happening and shift their defensive strategies accordingly.

Why executive orders aren't enough to fix cybersecurity

Big-picture executive orders won't get the job done. Here's what we should aspire to do to keep ourselves safe at the application layer.
