Chris Wysopal, Veracode's CTO and Co-Founder, is responsible for the company's software security analysis capabilities. One of the original web vulnerability researchers with The L0pht and later @stake, Chris testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is the author of "The Art of Software Security Testing", published in 2007 by Addison-Wesley. Recently Chris, along with experts from more than 30 cyber security organizations helped develop the SANS-CWE Top 25 Most Dangerous Programming Errors.
Application Security Intelligence
Risk management requires consistent, up to date information across an organization. Application security intelligence is the accumulation and ability to query information across an organizations application portfolio. Application vulnerabilities are of course important to manage but the metadata for applications can be just as valuable to help an organization manage application risk. Examples of application metadata: application source, development team, SDLC processes used, install location, environmental controls, common libraries, etc. Combining application vulnerability data, application metadata, and other security information within an organization can help measure and manage organization wide application risk.