Weld Pond
Chris Wysopal is a computer security expert and CTO of Veracode. He was a member of the high-profile hacker think tank the L0pht, where he was a vulnerability researcher.

Chris Wysopal was born in 1965 in New Haven, Connecticut, his mother an educator and his father an engineer. He attended Rensselaer Polytechnic Institute in Troy, New York, where he received a bachelor's degree in computer systems and engineering in 1987.

Career

He was the seventh member to join the L0pht. His projects there included Netcat and L0phtCrack for Windows. He was also webmaster/graphic designer for the L0pht website and for Hacker News Network, the first hacker blog. He researched and published security advisories on vulnerabilities in Microsoft Windows, Lotus Domino, Microsoft IIS, and ColdFusion. Weld was one of the seven L0pht members who testified before a Senate committee in 1998 that they could bring down the Internet in 30 minutes. When L0pht was acquired by @stake in 1999 he became the manager of @stake's Research Group and later @stake's Vice President of Research and Development. In 2004, when @stake was acquired by Symantec, he became its Director of Development.

Wysopal was instrumental in developing industry guidelines for responsible disclosure of software vulnerabilities. He was a contributor to RFPolicy, the first vulnerability disclosure policy. Together with Steve Christey of MITRE he proposed an IETF RFC titled "Responsible Vulnerability Disclosure Process" in 2002. The process was eventually rejected by the IETF as not within their purview, but it did become the foundation for the Organization for Internet Safety, an industry group bringing together software vendors and security researchers, of which he was a founder. In 2003 he testified before a United States House of Representatives subcommittee on the topic of vulnerability research and disclosure. In 2001 he founded the non-profit full disclosure mailing list VulnWatch, for which he was moderator.

In 2008 Wysopal was recognized for his achievements in the IT industry by being named one of the 100 Most Influential People in IT by eWeek and selected as one of the InfoWorld CTO 25. In 2010 he was named a SANS Security Thought Leader.
External links
- U.S. Senate Press Release: HEARINGS ANNOUNCED ON COMPUTER SECURITY FAILURES IN GOVERNMENT
- @stake's Chris Wysopal to Testify at U.S. House of Representatives Hearing on Worm and Virus Defense
- Responsible Vulnerability Disclosure Process
- Hearing on "Worm and Virus Defense: How Can We Protect the Nation's Computers from These Threats?"