Chris Wysopal

@WeldPond

Co-founder and CTO Veracode. Former L0pht security researcher. Hackers make trouble.

Boston, MA
csoonline.com/author/Chris-W…
Joined March 2008
617 Photos and videos Photos and videos

Tweets

You blocked @WeldPond

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @WeldPond

  1. Pinned Tweet
    22 Jun 2015

    A disaster foretold — and ignored. L0pht’s warnings about the Internet drew notice but little action

    16 replies 281 retweets 419 likes
    Undo
  2. Sep 2

    “US should consider following its closest allies in creating an independent, defense-only cyber security agency with no intelligence, military or law enforcement responsibility. “

    The word Alex Stamos would use for our current position is apparently "compromised"
    12 replies 26 retweets 46 likes
    Undo
  3. Sep 1

    I think it’s day drinking if you are at a VT brewers festival.

    3 replies 7 likes
    Undo
  4. Retweeted
    Aug 31

    "Using Machine Learning to Identify Security Issues in Open-Source Libraries" by Asankhaya Sharma at - Such a great talk on really cool work being done at CA Veracode

    21 retweets 35 likes
    Undo
  5. Retweeted
    Aug 31

    Leadership Panel at : Join us Sep 20th to hear from world's experts on how to unravel the Gordian Knot to bring Principles to . Register Now!

    6 retweets 7 likes
    Undo
  6. Aug 30

    We might want to get some vulnerability flashlights when we go down to the basement.

    Dependencies
    4 replies 21 retweets 54 likes
    Undo
  7. Retweeted
    Aug 30

    “We should raise our standards for what constitutes a professional software developer in terms of baseline security practices and skills.” - ’s on hardware security with on the stage.

    5 replies 18 retweets 45 likes
    Undo
  8. Aug 30

    Third party vandalism they say. Supply chain security I say.

    Snapchat's Snap Map Is Currently Showing "Jewtropolis" Instead Of "New York City" via
    16 likes
    Undo
  9. Aug 30

    OMG. Someone just told me to lower Beastie Boys “You Gotta Fight for Your Right to Party”

    34 replies 7 retweets 112 likes
    Undo
  10. Aug 30

    I just got mine!

    Got that next big idea you thought of using company equipment during work hours? Now you have a place to put it so you can easily hand it over when you get laid off.
    2 retweets 4 likes
    Undo
  11. Aug 30

    Is this a COPPA violation?

    New: a hacker found that a spyware company that markets to parents left 281 gigabytes of children photos exposed online.
    Show this thread
    2 replies 1 like
    Undo
  12. Retweeted
    Aug 29

    Thank you, I am speaking again tomorrow at I will be talking about how we built the largest database of vulnerabilities in open-source libraries using machine learning The talk will be live streamed on

    Here's a great talk from 2017 from and with great insights about open source vulnerability discovery at scale.
    1 reply 11 retweets 13 likes
    Undo
  13. Retweeted
    Aug 28

    Diversity and Inclusion Is A Business Strategy, Not An HR Program

    7 replies 191 retweets 359 likes
    Undo
  14. Retweeted
    Aug 28

    The Daily Caller reports that China hacked Hillary Clinton's home server and added code that inserted a secret CC line on all her emails, sending a copy of each -- including incoming emails-- to China. In related news, CC doesn't work that way.

    8 replies 28 retweets 79 likes
    Undo
  15. Aug 29

    Data was likely leaked earlier this month when Huazhu programmers accidentally uploaded copies of their company’s database to GitHub.

    11 retweets 16 likes
    Undo
  16. Retweeted
    Aug 29

    Great article by about challenges for governments in writing secure software.

    5 retweets 9 likes
    Undo
  17. Aug 28

    Patch the latest Struts 2 vulnerability or become a miner for someone else.

    14 retweets 3 likes
    Undo
  18. Aug 27

    DevSecOps still needs manual processes. Here are some of my recommendations.

    11 retweets 23 likes
    Undo
  19. Aug 25

    “it was irresponsible of Google to publicly disclose the technical details of the flaw so quickly, while many installations had not yet been updated and were still vulnerable”. What percentage of updated installs should be the disclosure limit, if any?

    8 replies 9 retweets 10 likes
    Undo
  20. Aug 24

    The clone sites had intentional vulnerabilities as you would do if you were teaching kids web app attack techniques.

    6 replies 76 retweets 136 likes
    Undo
  21. Aug 24

    No CS degree needed. 22 yo in Philippines make a living finding security bugs.

    7 replies 63 retweets 192 likes
    Undo

@WeldPond hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·