Chris Wysopal
@WeldPond
Hacker. Co-founder/CTO Veracode. Former L0pht security researcher. GenAI Auto-repair of vulns is the future @weld.bsky.social @[email protected]
My Congressional testimony on how vulnerabilities are discovered by researchers, how patching doesn't solve our problems and the need for secure by design. This was 9/11/2003. Are we making progress yet? c-span.org/video/?c501661…
A bug bounty program is economically beneficial to a firm when the firm has low in-house efficiency in finding a vulnerability *or* when the firm faces a high proportion of coopetitive hackers (bug reporters who would otherwise pose a security risk by misusing vulnerability…
Secure by Design products use static and dynamic application security testing. These tools can be incorporated into development processes and run automatically to ensure products comply with expected security requirements. Learn more: go.dhs.gov/wy7
Finally some good news about govt back doors
One good thing coming out of the current administration: the US is actually forcing the UK to back down on backdoors. arstechnica.com/tech-policy/20…
1yr ago… most news was RE: airline disruptions ✈️ … most of my calls were RE: patient care disruptions 🏥
Of those, more than 200 appear to have had outages of services related to patient care following CrowdStrike’s disastrous crash, researchers have revealed. wired.com/story/at-least…
🚀 We’re thrilled to welcome Anthony Barkley as Veracode’s new Chief Strategy Officer! From ethical hacking to GTM leadership, he brings the vision to help us grow and deepen customer impact. Welcome aboard, Anthony! 👏
Dino Dai Zovi @dinodaizovi is inducted into the @SummerC0n Hall Of Fame alongside @dotMudge @nudehaberdasher and @heidishmoo. Congratulations Dino for an amazing security impact across industry and government. Well deserved!
1999: Cult of the Dead Cow (cDc) member DilDog debuted the program Back Orifice 2000 (BO2k) at DEF CON 7. It was the successor to Back Orifice, released by cDc a year prior. DilDog proclaimed it "a remote administration tool for corporate America". 🤣🤔
Treating security as a final step in the software development lifecycle is risky and outdated. Veracode's @WeldPond contributes valuable perspective to Forbes, covering common mistakes that can trip up even experienced DevOps teams: sprou.tt/1BILIrXVTJS
17-, 17-, 19- and 20-year-olds. "M&S was the first retailer to be attacked in April in an incident that forced the closure of its online store for nearly seven weeks."
This is probably important and probably means something theguardian.com/uk-news/2025/j…
McDonald's uses an AI bot called "Olivia" for hiring. A pair of hackers found they could access every conversation job applicants had with it—including all the personal info they shared—by exploiting security flaws as basic as using the password "123456". wired.com/story/mcdonald…
1982: The movie Tron was released. The story of a software engineer who tried to hack his old employer's mainframe to prove an exec stole games he developed. As you'd expect, AI software digitized and downloaded him. Eventually he escaped. And unsurprisingly became company CEO.
Gone are the days of trusting caller ID. We can no longer rely on “knowing someone’s voice” or “knowing someone’s face on video call”, I can clone those in minutes in a live audio call or video call. Verify identity using another method of communication before providing…
Do we need the term PoliPhish when government officials are voice- and text-spoofed? newser.com/story/371511/m…