Security Operations

Beyond Log4j: Improving Open-Source Software Security

Veracode's Chris Wysopal on Understanding and Mitigating Open-Source Risk
Chris Wysopal, CTO and Co-Founder, Veracode

Log4j was but the latest fire drill, and it sounds yet another alarm for the unaddressed urgency of open-source software security. Chris Wysopal, CTO and co-founder of Veracode, shares insight on how enterprises must define and articulate their own open-source security strategy.

See Also: Fireside Chat | Zero Tolerance: Controlling The Landscape Where You'll Meet Your Adversaries

In this video interview with Information Security Media Group, Wysopal discusses:

  • The state of open-source software security and how to understand your open-source risk;
  • How open-source security can be built into the SDLC;
  • Planning now and getting ahead of future open-source vulnerabilities.

Wysopal is an entrepreneur, computer security expert and co-founder and chief technology officer of Veracode, which pioneered the concept of using automated static binary analysis to discover vulnerabilities in software. He is also a board member of Humanyze and a well-known speaker, author and security expert. Wysopal was instrumental in developing industry guidelines for responsible disclosure of software vulnerabilities. Prior to Veracode, he was vice president of research and development at security consultancy @stake, which was acquired by Symantec. In the '90s, he was one of the first vulnerability researchers as a member of the L0pht Heavy Industries.


About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.