An obsession with software security forms the basis for a new model for assessing apps' safety
Chris Wysopal's obsession with software security has brought him fame as a member of the L0pht hacker "think tank," led to stints as lead security researcher at @stake and director of development at Symantec, and helped produce the Organization for Internet Safety, which was founded on guidelines for the responsible disclosure of software security vulnerabilities developed by Wysopal and MITRE's Steve Christey.
But Wysopal's fixation has arguably paid its greatest dividend in the form of Veracode, an application security assessment company that Wysopal launched in early 2007 and that unveiled a security rating system for applications in April 2008. Leveraging industry standards such as CWE and CVSS, the Veracode...