- Weld Pond
Name: Chris Wysopal
Born: 1 December 1965
Field: Computer science
Institutions: L0pht, @stake, Symantec, Veracode
Alma mater: Rensselaer Polytechnic Institute
Known for: Security

Chris Wysopal (also known as Weld Pond) is a computer security expert and CTO of Veracode. He was a member of the high-profile hacker think tank, the L0pht, where he was a vulnerability researcher.

Chris Wysopal was born in 1965 in New Haven, Connecticut, his mother an educator and his father an engineer. He attended Rensselaer Polytechnic Institute in Troy, New York, where he received a bachelor's degree in computer systems and engineering in 1987. Wysopal is married to real estate broker Debra Kavaler.

Career
He was the seventh member to join the L0pht. His projects there included L0phtCrack and Netcat for Windows. He was also webmaster/graphic designer for the L0pht's web site, and for Hacker News Network (the first hacker blog). He researched and published security advisories on vulnerabilities in Microsoft Windows, Lotus Domino, Microsoft IIS, and ColdFusion. Weld was one of the seven L0pht members who testified before a Senate committee in 1998 that they could bring down the Internet in 30 minutes. When L0pht was acquired by @stake in 1999, he became the manager of @stake's Research Group and later became @stake's Vice President of Research and Development. In 2004, when @stake was acquired by Symantec, he became its Director of Development.

He was instrumental in developing industry guidelines for disclosing a software security vulnerability responsibly. He was a contributor to the first vulnerability disclosure policy, RFPolicy. In 2002, along with Steve Christey of MITRE, he proposed an IETF RFC titled "Responsible Vulnerability Disclosure Process". The process was eventually rejected by the IETF as not within their purview. However, the process did become the foundation for the [http://www.oisafety.com/ Organization for Internet Safety], an industry group bringing together software vendors and security researchers, of which he was a founder. In 2003 he testified before a United States House of Representatives subcommittee on the topic of vulnerability research and disclosure. In 2001, he founded the non-profit full disclosure mailing list VulnWatch, for which he was a moderator.

In 2008, Chris was recognized for his achievements in the IT industry by being named one of the [http://www.eweek.com/c/a/IT-Management/100-Most-Influential-People-in-IT/4/ 100 Most Influential People in IT] by eWeek and selected as one of the [http://www.infoworld.com/article/08/06/02/23FE-cto25-wysopal_1.html InfoWorld CTO 25].

Bibliography
Books
* Wysopal, Chris; Lucas Nelson, Dino Dai Zovi, Elfriede Dustin (November 1, 2006). The Art of Software Security Testing (First Edition). Addison-Wesley. ISBN 0-321-304865-1.

Articles
* Wysopal, Chris (August 16, 2000). [http://news.zdnet.com/2100-9595_22-523048.html Do Security Holes Demand Full Disclosure]. ZDNet News.
* Wysopal, Chris (October 9, 2000). [http://news.zdnet.com/2100-9595_22-524352.html Why the world needs reverse engineers]. ZDNet News.
* Wysopal, Chris (December 2003). [http://www.usenix.org/publications/login/2003-12/pdfs/wysopal.pdf Learning Security QA from Vulnerability Researchers]. USENIX ;login:.
* Wysopal, Chris (October 2004). [http://www.stickyminds.com/s.asp?F=S8260_MAGAZINE_2 Case Your Own Joint]. Better Software Magazine.
* Wysopal, Chris (December 2004). [http://www.usenix.org/publications/login/2004-12/pdfs/code.pdf Putting Trust in Software Code]. USENIX ;login:.
* Wysopal, Chris (July 24, 2006). [http://www.gcn.com/print/25_21/41397-1.html Government IT security begins at app level]. Government Computer News.
* Wysopal, Chris (January 30, 2008). [http://www.scmagazineus.com/Building-security-into-your-software-development-lifecycle/article/104705/ Building security into your software-development lifecycle]. SC Magazine.

External links
* [http://hsgac.senate.gov/l0pht.htm U.S. Senate Press Release: HEARINGS ANNOUNCED ON COMPUTER SECURITY FAILURES IN GOVERNMENT]
* [http://tools.ietf.org/draft/draft-christey-wysopal-vuln-disclosure/draft-christey-wysopal-vuln-disclosure-00.txt Responsible Vulnerability Disclosure Process]
* [http://www.iwar.org.uk/comsec/resources/worm-virus-defense/wysopal-09-10-03.pdf Hearing on “Worm and Virus Defense: How Can We Protect the Nation’s Computers from These Threats?”]
Wikimedia Foundation. 2010.