Chris Wysopal
Born: 1 December 1965
Residence: U.S.
Citizenship: American
Fields: Computer science
Institutions: L0pht, @stake, Symantec, Veracode
Alma mater: Rensselaer Polytechnic Institute
Known for: Security
Chris Wysopal (also known as Weld Pond) is a computer security expert and CTO of Veracode. He was a member of the high-profile hacker think tank the L0pht, where he was a vulnerability researcher.
Chris Wysopal was born in 1965 in New Haven, Connecticut; his mother was an educator and his father an engineer. He attended Rensselaer Polytechnic Institute in Troy, New York, where he received a bachelor's degree in computer systems and engineering in 1987.
Career
He was the seventh member to join the L0pht. His projects there included Netcat and L0phtCrack for Windows. He was also webmaster/graphic designer for the L0pht website and for Hacker News Network, the first hacker blog. He researched and published security advisories on vulnerabilities in Microsoft Windows, Lotus Domino, Microsoft IIS, and ColdFusion. Weld was one of the seven L0pht members who testified before a Senate committee in 1998 that they could bring down the Internet in 30 minutes. When L0pht was acquired by @stake in 1999 he became the manager of @stake's Research Group and later @stake's Vice President of Research and Development. In 2004 when @stake was acquired by Symantec he became its Director of Development.
Wysopal was instrumental in developing industry guidelines for responsible disclosure of software vulnerabilities. He was a contributor to RFPolicy, the first vulnerability disclosure policy. Together with Steve Christey of MITRE he proposed an IETF RFC titled "Responsible Vulnerability Disclosure Process" in 2002. The process was eventually rejected by the IETF as not within their purview, but it did become the foundation for the Organization for Internet Safety, an industry group bringing together software vendors and security researchers, of which he was a founder. In 2003 he testified before a United States House of Representatives subcommittee on the topic of vulnerability research and disclosure. In 2001 he founded the non-profit full disclosure mailing list VulnWatch, for which he was moderator.
In 2008 Wysopal was recognized for his achievements in the IT industry by being named one of the 100 Most Influential People in IT by eWeek and selected as one of the InfoWorld CTO 25. In 2010 he was named a SANS Security Thought Leader.
Bibliography
Books
- Wysopal, Chris; Lucas Nelson, Dino Dai Zovi, Elfriede Dustin (November 1, 2006). The Art of Software Security Testing (First ed.). Addison-Wesley. ISBN 0-321-304865-1.
Articles
- Wysopal, Chris (August 16, 2000). "Do Security Holes Demand Full Disclosure". ZDNet News. http://www.zdnet.com/news/do-security-holes-demand-full-disclosure/109682.
- Wysopal, Chris (October 9, 2000). "Why the world needs reverse engineers". ZDNet News. http://news.zdnet.com/2100-9595_22-524352.html.
- Wysopal, Chris (December 2003). "Learning Security QA from Vulnerability Researchers" (PDF). USENIX ;login:. http://www.usenix.org/publications/login/2003-12/pdfs/wysopal.pdf.
- Wysopal, Chris (October 2004). "Case Your Own Joint". Better Software Magazine. http://www.stickyminds.com/s.asp?F=S8260_MAGAZINE_2.
- Wysopal, Chris (December 2004). "Putting Trust in Software Code" (PDF). USENIX ;login:. http://www.usenix.org/publications/login/2004-12/pdfs/code.pdf.
- Wysopal, Chris (July 24, 2006). "Government IT security begins at app level". Government Computer News. http://www.gcn.com/print/25_21/41397-1.html.
- Wysopal, Chris (January 30, 2008). "Building security into your software-development lifecycle". SC Magazine. http://www.scmagazineus.com/Building-security-into-your-software-development-lifecycle/article/104705/.
- Wysopal, Chris (October 21, 2008). "Clicking to the Past". SecurityFocus. http://www.securityfocus.com/columnists/483.
- Wysopal, Chris (November 28, 2008). "Standing on Other's Shoulders". SecurityFocus. http://www.securityfocus.com/columnists/486.
- Wysopal, Chris (January 16, 2009). "Time to Take the Theoretical Seriously". SecurityFocus. http://www.securityfocus.com/columnists/490.
- Wysopal, Chris (March 6, 2009). "Contracting for Secure Code". SecurityFocus. http://www.securityfocus.com/columnists/494.
- Wysopal, Chris (April 17, 2009). "Good Obfuscation, Bad Code". SecurityFocus. http://www.securityfocus.com/columnists/498.
External links
- U.S. Senate Press Release: HEARINGS ANNOUNCED ON COMPUTER SECURITY FAILURES IN GOVERNMENT
- @stake's Chris Wysopal to Testify at U.S. House of Representatives Hearing on Worm and Virus Defense
- Responsible Vulnerability Disclosure Process
- Hearing on "Worm and Virus Defense: How Can We Protect the Nation's Computers from These Threats?"
Wikimedia Foundation. 2010.