Chris Wysopal

Chris Wysopal is CTO at Veracode, which he co-founded in 2006. He oversees technology strategy and information security. Prior to Veracode, Chris was vice president of research and development at security consultancy @Stake, which was acquired by Symantec.

In the 1990s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified before the U.S. Congress on the subjects of government security and how vulnerabilities are discovered in software.

Chris holds a bachelor of science degree in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.

The opinions expressed in this blog are those of Chris Wysopal and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.

Preparing for the professional cybercrime industry

Why executive orders aren't enough to fix cybersecurity

Why executive orders aren't enough to fix cybersecurity

Big-picture executive orders won't get the job done. Here's what we should aspire to do to keep ourselves safe at the application layer

The outlook of application security in 2017

The outlook of application security in 2017

Educated guesses about what the direction of application security and secure development based on code has changed over the last year

The solution for IoT security might be simpler than you think

The solution for IoT security might be simpler than you think

What to do about the systemic risk of IoT devices that spawned the Mirai Botnet

Cybersecurity Awareness Month: Shedding light on application security

Cybersecurity Awareness Month: Shedding light on application security

Debunking application security fallacies for Cybersecurity Awareness Month

Election system hacks: We're focused on the wrong things

Election system hacks: We're focused on the wrong things

Why we should stop worrying about attribution and learn to love secure code

Application security requires more talk than tech

Application security requires more talk than tech

Building a successful AppSec program requires more than just a few updates from the security team. It's a team effort across the whole organization.

When your security products are insecure: Takeaways from the Symantec disclosure

When your security products are insecure: Takeaways from the Symantec disclosure

A reaction to the recent vulnerability disclosure in Symantec products, explaining why they are not a surprise

3 ways an appsec program saves time for developers

3 ways an appsec program saves time for developers

Strong application security program can save time for developers by helping them find vulnerabilities sooner, work with security professionals, and by educating developers on security best practices.

Load More