KEYNOTE 1: Chris Wysopal (CTO/Co-Founder, Veracode)

Presentation Title The Perpetual Insecurity Machine
Presentation Abstract

Attackers know more about the security of hardware or software when they break into it than the developers and designers did when they built it. The security research that informs them comes after the hardware or software gains popularity and is widely deployed.

Attackers play in a world of information arbitrage where they are able to capitalize on vulnerability information better than defenders can, striking with new attack techniques that take months or even years for defenders to react to. Unless fundamental changes occur in the way technology is deployed, insecure for a window of time and then later secured, we will live in the world of a perpetual insecurity machine.

Over the past 10 years we have seen systems and platforms such as WiFi, web browsers, and database backed web apps seem to live in a constant state of insecurity. There are commonalities to technology that always seems to be insecure. We need to understand what these properties are if technology is ever going to get to a more secure state.

About Chris Wysopal

Chris Wysopal (AKA Weld Pond), Veracode’s CTO and Co-Founder, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld’s Top 25 CTO’s and one of the 100 most influential people in IT by eWeek. In 2010 he was named a SANS Security Thought Leader.

One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software.

Chris was one of the first vulnerability researchers for web applications and Windows, publishing advisories in Lotus Domino, Cold Fusion, and Windows back in the mid 1990′s. Around the same time he also co-authored L0phtCrack, which he still sells today, and ported netcat to Windows.

He graduated from Rensselaer Polytechnic Institute with a BS in Computer & Systems Engineering and is the author of “The Art of Software Security Testing” published by Addison-Wesley.