That's like the holy grail for a thief," said Chris Wysopal, co-founder of security company Veracode. That's like the holy grail for a thief," said Chris Wysopal, co-founder of security company Veracode.

Veracode Security Blog: Application security research, security trends and opinions > Chris Wysopal, Co-Founder and Chief Technology Officer Chris Wysopal, Co-Founder and Chief Technology Officer Chris Wysopal, co-founder and CTO of Veracode, is recognized as an expert and a well known speaker in the information security field. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. He also has spoken as the keynote at West Point, to the Defense Information Systems Agency (DISA) and before the International Financial Futures and Options Exchange in London. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology. Mr. Wysopal's groundbreaking work in 2002 while at the company @stake was instrumental in developing industry guidelines for responsibly disclosing software security vulnerabilities. Mr. Wysopal, along with Steve Christey of MITRE, proposed an IETF RFC identified as the "Responsible Vulnerability Disclosure Process," which became the foundation for the Organization for Internet Safety (OIS). Mr. Wysopal is a founder of OIS, which established industry standards for the responsible disclosure of Internet security vulnerabilities. Mr. Wysopal is co-author of the award winning password auditing and recovery application @stake LC (L0phtCrack) which is currently used by more than 6,000 governments, military and corporate organizations worldwide. Mr. Wysopal began his career as a principal software engineer at Lotus Development Corporation where, in the mid 90s, with the rise of the Internet, he realized the critical need for secure software. He and his colleagues then created the first security research think tank known as L0pht Heavy Industries, which was later acquired by @stake in 1999. He became the manager of @stake's Research Group and later became @stake's vice president of research and development where he led a world class team of security researchers tackling the problem of automating the process for finding and disclosing security vulnerabilities in software. He also managed @stake's products group to develop new security tools focused on wireless, infrastructure and application security. In 2004, when @stake was acquired by Symantec, Mr. Wysopal became its director of development and was responsible for the engineering team that built binary analysis technology to find vulnerabilities in software. Mr. Wysopal wrote The Art of Software Security Testing: Identifying Security Flaws, published by Addison Wesley and Symantec Press in December 2006. Mr. Wysopal earned his Bachelor of Science Degree in Computer and Systems Engineering from Rensselaer Polytechnic Institute in Troy, New York. Chris Wysopal, Co-Founder and Chief Technology Officer

Chris Wysopal Co-Founder and Chief Technology Officer Chris Wysopal Co-Founder and Chief Technology Officer Chris Wysopal Co-Founder, CTO & Chief Information Security Officer, Veracode Chris Wysopal, co-founder and chief technology officer of Veracode, is responsible for the security analysis capabilities of Veracode technology. Mr. Wysopal is recognized as an expert and a well known speaker in the information security field and was recently named one of InfoWorld's Top 25 CTO's and one of the 100 most influential people in IT by the editorial staffs of eWeek, CIO Insight and Baseline Magazine. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. He also has spoken as the keynote at West Point, to the Defense Information Systems Agency (DISA) and before the International Financial Futures and Options Exchange in London. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. Mr. Wysopal's groundbreaking work in 2002 while at the company @stake was instrumental in developing industry guidelines for responsibly disclosing software security vulnerabilities. Mr. Wysopal, along with Steve Christey of MITRE, proposed an IETF RFC identified as the "Responsible Vulnerability Disclosure Process," which became the foundation for the Organization for Internet Safety (OIS). Mr. Wysopal is a founder of OIS, which established industry standards for the responsible disclosure of Internet security vulnerabilities. Mr. Wysopal is co-author of the award winning password auditing and recovery application @stake LC (L0phtCrack) which is currently used by more than 6,000 government, military and corporate organizations worldwide. Mr. Wysopal began his career as a principal software engineer at Lotus Development Corporation where, in the mid 90's, with the rise of the Internet, he realized the critical need for secure software. He and his colleagues then created the first security research think tank known as L0pht Heavy Industries, which was later acquired by @stake in 1999. He became the manager of @stake's Research Group and later became @stake's vice president of research and development where he led a world class team of security researchers tackling the problem of automating the process for finding and disclosing security vulnerabilities in software. He also managed @stake's products group to develop new security tools focused on wireless, infrastructure and application security. In 2004, when @stake was acquired by Symantec, Mr. Wysopal became its director of development and was responsible for the engineering team that built binary analysis technology to find vulnerabilities in software. Mr. Wysopal wrote The Art of Software Security Testing: Identifying Security Flaws, published by Addison Wesley and Symantec Press in December 2006. Mr. Wysopal earned his Bachelor of Science Degree in Computer and Systems Engineering from Rensselaer Polytechnic Institute in Troy, New York.

One reason for that is because the portion of source code that leaked appears to be several years old, and the company has taken steps to fix many flaws, said Chris Wysopal, director of research and development for AtStake Inc. of Cambridge, Mass.Wysopal said another issue is that few users have the expertise and sophistication to try to use the code maliciously, and are likely just downloading it because they are curious."I think (for) the vast majority it's just to have it, and they don't know what they're going to do with it," he said.