Chris Wysopal is Chief Technology Officer at Veracode. He oversees technology strategy and information security. Prior to co-founding Veracode in 2006, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec.
In the 1990’s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress on the subjects of government security and how vulnerabilities are discovered in software.
Chris received a BS in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.
That doesn’t mean there are something like 27 million apps out there using this.
Hackers have designed a back door into an open source framework that has been downloaded roughly 28 million times by building a malicious version that masquerades as the real thing. A compromised version of the website development tool bootstrap-sass was published to the official RubyGems repository, a hub where programmers can share their application code. The open source security firm Snyk alerted developers to the issue Wednesday, advising users to update their systems away from the infected framework (version 3.2.0.3). “That doesn’t mean there are something like 27 million apps out there using this,” said Chris Wysopal, chief technology officer at app security company Veracode. “[But] when you’re using open source packages to build your applications, you’re inheriting many of the vulnerabilities. … But bootstrap-sass is a popular component used by enterprises and startups so there’s potentially thousands of applications affected by this.” While the vulnerability...