Chris Wysopal (also known as Weld Pond) was a member of the high profile hacker think tank, the L0pht. Weld Pond earned a bachelor's degree in Computer Systems & Engineering from Rensselaer Polytechnic Institute. Weld Pond was the seventh member to join the L0pht. His projects there included L0phtCrack and Netcat for Windows. He was also webmaster/graphic designer for the L0pht's web site, and for Hacker News Network (the first hacker blog). He researched and published security advisories on vulnerabilities in Microsoft Windows, Lotus Domino, Microsoft IIS, and ColdFusion. Weld was one of the seven L0pht members who testified before a Senate committee in 1998 that they could bring down the Internet in 30 minutes. When L0pht was acquired by @stake in 1999, he became the manager of @stake's Research Group and later became @stake's Vice President of Research and Development. In 2004, when @stake was acquired by Symantec, he became its Director of Development. Weld was instrumental in developing industry guidelines for disclosing a software security vulnerability responsibly. He was a contributor to the first vulnerability disclosure policy, RFPolicy. In 2002, along with Steve Christey of MITRE, he proposed an IETF RFC titled "Responsible Vulnerability Disclosure Process". The process was eventually rejected by the IETF as not within their purview. However, the process did become the foundation for Organization for Internet Safety, an industry group bringing together software vendors and security researchers, of which Weld Pond was a founder. In 2003 he testified before a United States House of Representatives subcommittee on the topic of vulnerability research and disclosure. In 2001, he founded the non-profit, full disclosure mailing list, VulnWatch, for which he is a moderator. He is presently the co-founder and CTO of Veracode, a spin-off from Symantec. In November 2007 he became engaged to his partner, Debra Kavaler, who works in New York real estate.
Bibliography
Books
- Wysopal, Chris; Lucas Nelson, Dino Dai Zovi, Elfriede Dustin (November 1 2006). The Art of Software Security Testing, (First Edition), Addison-Wesley. ISBN 0-321-304865-1.
Articles
- Wysopal, Chris. "Do Security Holes Demand Full Disclosure", ZDNet News, August 16, 2000.
- Wysopal, Chris. "Why the world needs reverse engineers", ZDNet News, October 9, 2000.
- Wysopal, Chris. "Learning Security QA from Vulnerability Researchers", USENIX ;login:, December 2003.
- Wysopal, Chris. "Case Your Own Joint", Better Software Magazine, October 2004.
- Wysopal, Chris. "Putting Trust in Software Code", USENIX ;login:, December 2004.
- Wysopal, Chris. "Government IT security begins at app level", Government Computer News, July 24, 2006.
