When Web apps attack

Amid reports of new flaws disclosed within Quicktime, Adobe Reader, and RealPlayer, I had a chance to talk with Chris Wysopal (also known as Weld Pond), who knows a thing or two about software vulnerabilities. He was a member of L0pht, a Boston-based hacking think tank in the 1990s; he started VulnWatch, a mailing list that predated Full Disclosure; and he worked at both @stake and Symantec (which bought @stake). Most recently, Wysopal cofounded Veracode, a company that provides binary analysis to software developers to find flaws before they ship their software. But, even with companies such as Veracode, the vulnerabilities keep coming. Wysopal offered some perspective.

Read the article HERE.