Chris Wysopal


Chris Wysopal, Co-Founder and CTO at Veracode



Articles by Chris Wysopal

Trump Hotels Hit By Third Data Breach

It was reported today that Trump hotels have been hit by a third data breach. The full story can be found on the BBC here. Chris Wysopal, CTO and Co-Founder, Veracode commented below. Chris Wysopal, CTO and Co-Founder at Veracode: “With news that Donald Trump’s hotel chain has been hit by its third data breach in just three years, …

0 comments

Petya Ransomware Comment – How It Spreads / Why Businesses Were Affected

The ransomware is definitely spreading via EternalBlue exploit just like WannaCry. People have found the code in the malware and have seen the EternalBlue exploit traffic on the network. There are additional spreading vectors that use harvested credentials from machines compromised with EternalBlue. These are used to connect to and run the malware on fully …

0 comments

Vulnerabilities In Symantec And Norton Products

Critical vulnerabilities have been discovered in Symantec and Norton security products. Below, Chris Wysopal, CTO and co-founder at Veracode, reflects on how security software is the second-to-worst category of software for application security. Chris Wysopal, CTO and co-founder at Veracode: “The critical vulnerabilities discovered in Symantec and Norton security products are not a surprise – Veracode’s State …

0 comments

Badlock Vulnerability

The kerfuffle over naming of vulnerabilities like Badlock and ShellShock misses the mark on why this is a good thing for the industry. Given the sheer volume and scale of the application security problem companies face today, anything that draws attention to the seriousness of the state we’re in is a good thing. I’d argue …

0 comments

Legislation to Force Companies to Reveal Cyber Attack

MP Dr Liam Fox calls for companies to come clean after a cyber attack. Chris Wysopal, CTO and CISO at Veracode, has the following comments on it. Chris Wysopal, CTO and CISO at Veracode: “There is no question that responsible disclosure is a good policy, however globally there remains limited precedent for it. In the …

0 comments

4 in 5 Applications Written in Web Scripting Languages Fail OWASP Top 10 Upon First Assessment

Veracode’s Supplement to the 2015 State of Software Security: Focus on Application Development report benchmarks application risk profiles by type of programming language. Veracode, a leader in protecting enterprises from today’s pervasive web and mobile application threats, released a supplement to the 2015 State of Software Security: Focus on Application Development, a report based on …

2 comments

Bugs in Mobile Networks Code Discovered

Mobile networks around the world have been penetrated by criminals and governments via bugs in the code that keeps them running. The security holes have been found in a technology known as Signalling System 7 (SS7), which helps to interconnect mobile networks across the globe. Security experts from Veracode and SQR systems have the following …

0 comments

Stagefright Bug Affects 1 Billion Android Devices

The Android Stagefright bug is back, and this time the flaw allows an attacker to hack Android smartphones just by tricking users into visiting a website that contains a malicious multimedia file, either MP3 or MP4. More than 1 billion Android devices are vulnerable to hackers. Security experts from Tripwire, Veracode and Rapid7 have the following …

1 comment

Discouraging Customers from Reporting Vulnerabilities by Reverse Engineering Code

You may have seen the news that Oracle shared a blog post (cache version here – Oracle took it down) in which the CISO essentially told the world to not help them make their software better, that the world should trust them to do it. Chris explains how they are violating license agreements by reverse engineering …

0 comments

Stagefright bug: “This is Heartbleed for mobile”

You may have seen news that a vulnerability has been discovered in Android software Stagefright, which lets attackers send malware directly to any device where they know the phone number. Chris Wysopal, CISO and CTO at Veracode, the application security specialists, commented on the news that a vulnerability has been discovered in Android software Stagefright. …

0 comments