Software Integrity Blog

Author Archive

Mike Pittenger


Mike Pittenger has 30 years of experience in technology and business, more than 25 years of management experience, and 15 years in security. He previously served as Vice President and General Manager of the product division of @stake. After @stake’s acquisition by Symantec, Pittenger led the spin-out of his team to form Veracode. He later served as Vice President of the product and training division of Cigital. For the past several years, he has consulted independently, helping security companies identify, define and prioritize the benefit to customers of their technologies, structure solutions appropriately and bring those offerings to market. Mike earned his AB in Economics from Dartmouth College and an MBA with a finance concentration from Bentley College.


Posts by Mike Pittenger:


CVE-2017-2636 strikes Linux kernel with double free vulnerability

We often talk about how open source is not less secure (or more secure) than commercial software. For one thing, commercial software contains so much open source that it’s difficult to find anything that doesn’t include open source. There are, however, characteristics of open source that make it attractive to attackers when vulnerabilities are disclosed. Briefly, when […]

Posted in Open Source Security

Examining vulnerability criticality when risk ranking vulnerabilities

Every organization starting a security testing program struggles with addressing vulnerabilities. With limited resources in virtually all organizations, prioritizing this work is a requirement. That’s where assessing vulnerability criticality comes in.

Posted in Software Architecture and Design

3 things to consider when risk ranking your applications

Almost every security lead I speak to would love to have more security resources. Whether it’s people to conduct threat modeling, manual code reviews, or simply someone who can scrub the false positives from the blizzard of information they receive each day, everyone seems to be in need of an extra hand. Let’s start by […]

Posted in Open Source Security, Software Architecture and Design

Dyn DDoS attack: IoT vulnerabilities

The Dyn DDoS attack comes shortly after a pair of other massive attacks. Here’s how the attacks work, the impact of IoT vulnerabilities, and the damage caused. We saw a preview Friday of how fragile the cyber world can be when DNS service disruptions blocked access to many popular websites. This wasn’t a case of […]

Posted in Internet of Things

Recognizing another type of threat: Non-targeted attacks

A CISO recently told me “If the NSA [or other nation-state supported organization] wants to hack me, they will. If a 16-year-old hacks me using a known exploit, I’ll lose my job.”

Posted in Data Breach, Open Source Security

Open source code: New approach to application security management

I co-authored this post on open source code and application security management with Constantine Grancharov, Product Manager, Application Security Solutions at IBM.

Posted in Open Source Security