Beyond Log4j: Improving Open-Source Software Security
Veracode's Chris Wysopal on Understanding and Mitigating Open-Source Risk
Log4j was only the latest fire drill, and it sounds yet another alarm about the still-unaddressed urgency of open-source software security. Chris Wysopal, CTO and co-founder of Veracode, shares insight on how enterprises must define and articulate their own open-source security strategy.
In this video interview with Information Security Media Group, Wysopal discusses:
- The state of open-source software security and how to understand your open-source risk;
- How open-source security can be built into the SDLC;
- Planning now and getting ahead of future open-source vulnerabilities.
Wysopal is an entrepreneur, computer security expert and co-founder and chief technology officer of Veracode, which pioneered the concept of using automated static binary analysis to discover vulnerabilities in software. He is also a board member of Humanyze and a well-known speaker and author. Wysopal was instrumental in developing industry guidelines for responsible disclosure of software vulnerabilities. Prior to Veracode, he was vice president of research and development at the security consultancy @stake, which was acquired by Symantec. In the '90s, he was one of the first vulnerability researchers as a member of L0pht Heavy Industries.