“Free static code analysis tools can be used to find bugs in software, whether it’s developed in house or open source. It won’t find every bug, but it can help tell you quickly what kinds of risks you’re taking on by using that software.”

Twitter: @Dan_Crowley

Daniel Crowley is the head of research and a penetration tester for X-Force Red. He denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. He is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. Daniel enjoys climbing large rocks and was TIME Magazine’s 2006 Person of the Year. He has been working in the information security industry since 2004 and is a frequent speaker at conferences, including Black Hat, DEF CON, ShmooCon, and SOURCE. Daniel does his own charcuterie and brews his own beer. His work has been included in books and college courses. He also holds the noble title of baron in the micronation of Sealand.

If there is one myth that you could debunk in cybersecurity, what would it be?

That we truly are a meritocracy as The Mentor claimed. When he wrote his famous Hacker’s Manifesto, it was a time when everyone was just a screen name. You couldn’t judge someone by their race, nationality, sex, and so on, because you simply didn’t know those ...