HOME

TheInfoList



Click Here for Items Related To - Weld Pond
OR:
Weld Pond on:   [Wikipedia]   [Google]   [Amazon]

Chris Wysopal (also known as Weld Pond) is an entrepreneur, computer security expert and co-founder and CTO of
Veracode Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, it provides SaaS application security that integrates application analysis into development pipelines. The company provides multiple security analys ...
. He was a member of the high-profile
hacker A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term ''hacker'' has become associated in popu ...
think tank A think tank, or policy institute, is a research institute that performs research and advocacy concerning topics such as social policy, political strategy, economics, military, technology, and culture. Most think tanks are non-governmental ...
the
L0pht L0pht Heavy Industries (pronounced "loft") was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area. The L0pht was one of the first viable hackerspaces in the US, and a pioneer of responsible disclosure. ...
where he was a vulnerability researcher. Chris Wysopal was born in 1965 in
New Haven, Connecticut New Haven is a city in the U.S. state of Connecticut. It is located on New Haven Harbor on the northern shore of Long Island Sound in New Haven County, Connecticut and is part of the New York City metropolitan area. With a population of 134,023 ...
, his mother an educator and his father an engineer. He attended
Rensselaer Polytechnic Institute Rensselaer Polytechnic Institute () (RPI) is a private research university in Troy, New York, with an additional campus in Hartford, Connecticut. A third campus in Groton, Connecticut closed in 2018. RPI was established in 1824 by Stephen Va ...
in
Troy, New York Troy is a city in the U.S. state of New York and the county seat of Rensselaer County. The city is located on the western edge of Rensselaer County and on the eastern bank of the Hudson River. Troy has close ties to the nearby cities of Albany ...
where he received a
bachelor's degree A bachelor's degree (from Middle Latin ''baccalaureus'') or baccalaureate (from Modern Latin ''baccalaureatus'') is an undergraduate academic degree awarded by colleges and universities upon completion of a course of study lasting three to six ...
in computer and systems engineering in 1987.


Career

He was the seventh member to join the L0pht. His development projects there included
Netcat netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. The command is designed to be a dependable back-end that can be used directly or easily driven by other pr ...
and
L0phtCrack L0phtCrack is a password auditing and recovery application originally produced by Mudge from L0pht Heavy Industries. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords, by using dictionary, brute- ...
for Windows. He was also
webmaster A webmaster is a person responsible for maintaining one or more websites. The title may refer to web architects, web developers, site authors, website administrators, website owners, website coordinators, or website publishers. The duties of ...
/graphic designer for the
L0pht L0pht Heavy Industries (pronounced "loft") was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area. The L0pht was one of the first viable hackerspaces in the US, and a pioneer of responsible disclosure. ...
website and for Hacker News Network, the first hacker
blog A blog (a truncation of "weblog") is a discussion or informational website published on the World Wide Web consisting of discrete, often informal diary-style text entries (posts). Posts are typically displayed in reverse chronological order ...
. He researched and published security advisories on vulnerabilities in Microsoft Windows,
Lotus Domino HCL Notes (formerly IBM Notes and Lotus Notes; see Branding below) and HCL Domino (formerly IBM Domino and Lotus Domino) are the client and server, respectively, of a collaborative client-server software platform formerly sold by IBM, now by ...
,
Microsoft IIS Internet Information Services (IIS-pronounced 2S, formerly Internet Information Server) is an extensible web server software created by Microsoft for use with the Windows NT family. IIS supports HTTP, HTTP/2, HTTPS, FTP, FTPS, SMTP and ...
, and
ColdFusion Adobe ColdFusion is a commercial rapid web-application development computing platform created by J. J. Allaire in 1995. (The programming language used with that platform is also commonly called ColdFusion, though is more accurately known as ...
. Weld was one of the seven L0pht members who testified before a
Senate A senate is a deliberative assembly, often the upper house or chamber of a bicameral legislature. The name comes from the ancient Roman Senate (Latin: ''Senatus''), so-called as an assembly of the senior (Latin: ''senex'' meaning "the e ...
committee in 1998 that they could bring down the
Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a ''internetworking, network of networks'' that consists ...
in 30 minutes. When L0pht was acquired by
@stake ATstake, Inc. was a computer security professional services company in Cambridge, Massachusetts, United States. It was founded in 1999 by Battery Ventures (Tom Crotty, Sunil Dhaliwal, and Scott Tobin) and Ted Julian. Its initial core team of techno ...
in 1999 he became the manager of @stake's Research Group and later @stake's
Vice President A vice president, also director in British English, is an officer in government or business who is below the president (chief executive officer) in rank. It can also refer to executive vice presidents, signifying that the vice president is o ...
of
Research and Development Research and development (R&D or R+D), known in Europe as research and technological development (RTD), is the set of innovative activities undertaken by corporations or governments in developing new services or products, and improving existi ...
. In 2004 when @stake was acquired by Symantec he became its Director of Development. In 2006 he founded
Veracode Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, it provides SaaS application security that integrates application analysis into development pipelines. The company provides multiple security analys ...
with Christien Rioux and serves as CTO. In 2017 Veracode was acquired by CA Technology for $614M. Veracode was subsequently spun out and became independent once again by being purchased by Thoma Bravo for $950M. Wysopal continues to serve as CTO. In 2018 Wysopal joined the Humanyze board of directors. Wysopal was instrumental in developing industry guidelines for
responsible disclosure In computer security, coordinated vulnerability disclosure, or "CVD" (formerly known as responsible disclosure) is a vulnerability disclosure model in which a vulnerability or an issue is disclosed to the public only after the responsible parties ...
of software vulnerabilities. He was a contributor to
RFPolicy The RFPolicy states a method of contacting vendors about security vulnerabilities found in their products. It was originally written by hacker and security consultant Rain Forest Puppy. The policy gives the vendor five working days to respond to ...
, the first vulnerability disclosure policy. Together with Steve Christey of
MITRE The mitre (Commonwealth English) (; Greek: μίτρα, "headband" or "turban") or miter (American English; see spelling differences), is a type of headgear now known as the traditional, ceremonial headdress of bishops and certain abbots in t ...
he proposed an
IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and ...
RFC titled "Responsible Vulnerability Disclosure Process" in 2002. The process was eventually rejected by the IETF as not within their purview but the process did become the foundation fo
Organization for Internet Safety
an industry group bringing together software
vendor In a supply chain, a vendor, supplier, provider or a seller, is an enterprise that contributes goods or services. Generally, a supply chain vendor manufactures inventory/stock items and sells them to the next link in the chain. Today, these terms ...
s and security
researcher Research is "creative and systematic work undertaken to increase the stock of knowledge". It involves the collection, organization and analysis of evidence to increase understanding of a topic, characterized by a particular attentiveness t ...
s of which he was a founder. In 2001 he founded the non-profit full disclosure mailing list VulnWatch for which was
moderator Moderator may refer to: Government *Moderator (town official), elected official who presides over the Town Meeting form of government Internet *Internet forum#Moderators, Internet forum moderator, a person given special authority to enforce the ...
. In 2003 he testified before a
United States House of Representatives The United States House of Representatives, often referred to as the House of Representatives, the U.S. House, or simply the House, is the lower chamber of the United States Congress, with the Senate being the upper chamber. Together the ...
subcommittee on the topic of vulnerability research and disclosure. In 2008 Wysopal was recognized for his achievements in the IT industry by being named one of the 100 Most Influential People in IT by
eWeek ''eWeek'' (''Enterprise Newsweekly'', stylized as ''eWEEK''), formerly PCWeek, is a technology and business magazine. Previously owned by QuinStreet; Nashville, Tennessee marketing company TechnologyAdvice acquired eWeek in 2020. The print e ...
and selected as one of the InfoWorld CTO 25. In 2010 he was named a SANS Security Thought Leader. In 2012, he began serving on the Black Hat Review Board. He was named one of the Top 25 Disruptors of 2013 by Computer Reseller News. In 2014 he was named one of 5 Security Thought Leaders by SC Magazine.


Patents

U.S. Patent 10,275,600
Assessment and analysis of software security flaws

Automated behavioral and static analysis using an instrumented sandbox and machine learning classification for mobile security

Assessment and analysis of software security flaws in virtual machines


Publications

* * *Wysopal, Chris; Geer, Dan (August 2013)
For Good Measure: Security Debt
;login: The USENIX Magazine. *Wysopal, Chris (September, 2012)
Software Security Varies Greatly
Datenschutz und Datensicherheit - DuD. *Wysopal, Chris; Shields, Tyler; Eng, Chris (February 24, 2010)
Static Detection of Application Backdoors
Datenschutz und Datensicherheit - DuD.


References

{{DEFAULTSORT:Wysopal, Chris L0pht People associated with computer security Rensselaer Polytechnic Institute alumni Living people 1965 births