
OODAcast
Episode 127: Chris Wysopal on Reducing Attack Surface in the Age of AI
Mar 24, 2025
Chris Wysopal, co-founder of Veracode and a pioneer in application security, shares his rich history in cybersecurity from the hacking collective 'The L0pht' to leading vulnerability research. He discusses the shift towards comprehensive application risk management and highlights the dual-edged sword of generative AI in development – amplifying speed while introducing new security challenges. Wysopal underscores the importance of automated remediation and deep security integration in the software lifecycle, all while cautioning against the rising threats from social engineering attacks.
51:27
Podcast summary created with Snipd AI
Quick takeaways
- Chris Wysopal emphasizes the transition from traditional vulnerability testing to comprehensive application risk management in the face of escalating software complexity.
- He highlights the dual use of AI in cybersecurity, stressing its role in accelerating development while raising significant security challenges and vulnerabilities.
Deep dives
The Origins of Vulnerability Research
Chris Wysopal shares how his early interest in computers spurred his fascination with vulnerability research during the late 80s. He describes his experience with bulletin board systems, highlighting the thrill of discovering unconventional information that was not taught in traditional educational settings. This curiosity eventually led him to join the L0pht, a pioneering group focused on identifying software and hardware vulnerabilities rather than simply reporting them. The L0pht's early efforts contributed significantly to the formalization of vulnerability research, marking a crucial development in the field of cybersecurity.