
Chris Wysopal (also known as Weld Pond) is an entrepreneur, computer security expert and co-founder and CTO of Veracode. He was a member of the high-profile hacker think tank the L0pht, where he was a vulnerability researcher. Chris Wysopal was born in 1965 in New Haven, Connecticut, his mother an educator and his father an engineer. He attended Rensselaer Polytechnic Institute in Troy, New York, where he received a bachelor's degree in computer and systems engineering in 1987.


Career

He was the seventh member to join the L0pht. His development projects there included Netcat and L0phtCrack for Windows. He was also webmaster/graphic designer for the L0pht website and for Hacker News Network, the first hacker blog. He researched and published security advisories on vulnerabilities in Microsoft Windows, Lotus Domino, Microsoft IIS, and ColdFusion. Weld was one of the seven L0pht members who testified before a Senate committee in 1998 that they could bring down the Internet in 30 minutes. When L0pht was acquired by @stake in 1999 he became the manager of @stake's Research Group and later @stake's Vice President of Research and Development. In 2004, when @stake was acquired by Symantec, he became its Director of Development. In 2006 he founded Veracode with Christien Rioux and serves as CTO. In 2017 Veracode was acquired by CA Technology for $614M. Veracode was subsequently spun out and became independent once again by being purchased by Thoma Bravo for $950M and later by TA Associates for $2.5B. Wysopal continued on as CTO before transitioning to Chief Security Evangelist in 2024. In 2018 Wysopal joined the Humanyze board of directors.

Wysopal was instrumental in developing industry guidelines for responsible disclosure of software vulnerabilities. He was a contributor to RFPolicy, the first vulnerability disclosure policy. Together with Steve Christey of MITRE he proposed an IETF RFC titled "Responsible Vulnerability Disclosure Process" in 2002. The process was eventually rejected by the IETF as not within their purview, but it did become the foundation for the Organization for Internet Safety, an industry group bringing together software vendors and security researchers, of which he was a founder. In 2001 he founded the non-profit full disclosure mailing list VulnWatch, for which he was moderator. In 2003 he testified before a United States House of Representatives subcommittee on the topic of vulnerability research and disclosure.

In 2008, Wysopal was recognized for his achievements in the IT industry by being named one of the 100 Most Influential People in IT by eWeek and selected as one of the InfoWorld CTO 25. In 2010, he was named a SANS Security Thought Leader. In 2012, he began serving on the Black Hat Review Board. He was named one of the Top 25 Disruptors of 2013 by Computer Reseller News. In 2014, he was named one of 5 Security Thought Leaders by SC Magazine. In 2023, Chris was named a Cybersecurity Visionary by CyberScoop.


Patents

* U.S. Patent 10,275,600: Assessment and analysis of software security flaws
* Automated behavioral and static analysis using an instrumented sandbox and machine learning classification for mobile security
* Assessment and analysis of software security flaws in virtual machines


Publications

* Wysopal, Chris; Geer, Dan (August 2013). "For Good Measure: Security Debt". ;login: The USENIX Magazine.
* Wysopal, Chris (September 2012). "Software Security Varies Greatly". Datenschutz und Datensicherheit - DuD.
* Wysopal, Chris; Shields, Tyler; Eng, Chris (February 24, 2010). "Static Detection of Application Backdoors". Datenschutz und Datensicherheit - DuD.

