Author

 Chris Wysopal
Twitter
LinkedIn
RSS
E-Mail

Profile of Chris Wysopal

Chief Technology Officer, CA Veracode
Member Since: 2/5/2016
Author
News & Commentary Posts: 4
Comments: 0

Chris Wysopal is chief technology officer at CA Veracode. He oversees technology strategy and information security. Prior to co-founding CA Veracode in 2006, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec. In the 1990's, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress on the subjects of government security and how vulnerabilities are discovered in software.

Chris received a BS in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.

Chris is often called upon to download the latest Minecraft mods for his 6-year-old son. An avid photographer and nature-lover, Chris spends his free time hiking the many conservation trails near his home outside Boston.

Articles by Chris Wysopal
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17229
PUBLISHED: 2018-09-19
Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
CVE-2018-17230
PUBLISHED: 2018-09-19
Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
CVE-2018-17231
PUBLISHED: 2018-09-19
** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third par...
CVE-2018-17228
PUBLISHED: 2018-09-19
nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call.
CVE-2018-8889
PUBLISHED: 2018-09-19
A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account.