Chris “Weldpond” Wysopal
Former l0pht member Co-Founder e CTO Veracode
Chris Wysopal is Co-Founder, Chief Technology Officer at Veracode, which he co-founded in 2006. He oversees security research and technology strategy. Prior to Veracode, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec. In the 1990's, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress on the subjects of government security and how vulnerabilities are discovered in software. Chris received a BS in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.
Modern computing is becoming an assembly line making supply chain security critical
Software is no longer delivered on a CD-ROM with occasional updates. Software delivery has become a continuous process for SaaS, mobile and desktop apps with technology suppliers woven in. Open source, service provider APIs, and of course cloud are all woven in and changing continuously. What value is a point in time assessment to understand the risk accepted by the enterprise or software users? Software assessments must become continuous and process based. There is also a need to balance the transparency desired by software users with the needs of vendors to be effective in software delivery and maintenance. We need continuous assessment with the right level of transparency to keep up with our rapidly changing and deeply nested software supply chains.
09h00 às 09h50