Chris Wysopal
Chris Wysopal (also known as Weld Pond) is an entrepreneur, computer security expert and co-founder and CTO of Veracode. He was a member of the high-profile hacker think tank the L0pht, where he was a vulnerability researcher. Chris Wysopal was born in 1965 in New Haven, Connecticut, his mother an educator and his father an engineer. He attended Rensselaer Polytechnic Institute in Troy, New York, where he received a bachelor's degree in computer and systems engineering in 1987.


Career

He was the seventh member to join the L0pht. His development projects there included Netcat and L0phtCrack for Windows. He was also webmaster/graphic designer for the L0pht website and for Hacker News Network, the first hacker blog. He researched and published security advisories on vulnerabilities in Microsoft Windows, Lotus Domino, Microsoft IIS, and ColdFusion. Weld was one of the seven L0pht members who testified before a Senate committee in 1998 that they could bring down the Internet in 30 minutes.

When L0pht was acquired by @stake in 1999 he became the manager of @stake's Research Group and later @stake's Vice President of Research and Development. In 2004, when @stake was acquired by Symantec, he became its Director of Development. In 2006 he founded Veracode with Christien Rioux and serves as CTO. In 2017 Veracode was acquired by CA Technology for $614M. Veracode was subsequently spun out and became independent once again by being purchased by Thoma Bravo for $950M. Wysopal continues to serve as CTO. In 2018 Wysopal joined the Humanyze board of directors.

Wysopal was instrumental in developing industry guidelines for responsible disclosure of software vulnerabilities. He was a contributor to RFPolicy, the first vulnerability disclosure policy. Together with Steve Christey of MITRE he proposed an IETF RFC titled "Responsible Vulnerability Disclosure Process" in 2002. The process was eventually rejected by the IETF as not within their purview, but it did become the foundation for the Organization for Internet Safety, an industry group bringing together software vendors and security researchers, of which he was a founder. In 2001 he founded the non-profit full disclosure mailing list VulnWatch, for which he was moderator. In 2003 he testified before a United States House of Representatives subcommittee on the topic of vulnerability research and disclosure.

In 2008 Wysopal was recognized for his achievements in the IT industry by being named one of the 100 Most Influential People in IT by eWeek and selected as one of the InfoWorld CTO 25. In 2010 he was named a SANS Security Thought Leader. In 2012, he began serving on the Black Hat Review Board. He was named one of the Top 25 Disruptors of 2013 by Computer Reseller News. In 2014 he was named one of 5 Security Thought Leaders by SC Magazine.


Patents

* U.S. Patent 10,275,600: Assessment and analysis of software security flaws
* Automated behavioral and static analysis using an instrumented sandbox and machine learning classification for mobile security
* Assessment and analysis of software security flaws in virtual machines


Publications

* Wysopal, Chris; Geer, Dan (August 2013). "For Good Measure: Security Debt". ;login: The USENIX Magazine.
* Wysopal, Chris (September 2012). "Software Security Varies Greatly". Datenschutz und Datensicherheit - DuD.
* Wysopal, Chris; Shields, Tyler; Eng, Chris (February 24, 2010). "Static Detection of Application Backdoors". Datenschutz und Datensicherheit - DuD.

