Software Integrity Blog

Author Archive

Tim Mackey

tmackey

Tim Mackey works within the Synopsys Software Integrity Group as a technology evangelist. He joined Synopsys as part of the Black Duck Software acquisition where he worked to bring integrated security scanning technology to Red Hat OpenShift and the Kubernetes container orchestration platforms. Prior to joining Black Duck, Tim worked at Citrix as the community manager for XenServer and was part of the Citrix Open Source Business Office. Being a technology evangelist allows Tim to apply his skills in distributed systems engineering, mission critical engineering, performance monitoring and large-scale data center operations to customer problems. He takes the lessons learned from those activities and delivers talks globally at well-known events such as RSA, OSCON, Open Source Summit, KubeCon, Interop, CA World, Container World, DevSecCon, DevOps Days and the IoT Summit. Tim is also an O’Reilly Media published author. Follow Tim @TimInTech on Twitter and at mackeytim on LinkedIn.


Posts by Tim Mackey:


The intersection between IAST and SCA and why you need both in your security toolkit

Interactive application security testing (IAST) and software composition analysis (SCA) are powerful technologies—and you need both in your security toolkit.

Posted in Agile, CI/CD & DevOps, Interactive Application Security Testing (IAST), Software Composition Analysis

Electoral trust meets software security

It’s fair to say that regardless of where you live, assuming you have democratic elections, you want your vote to count—without any form of external influence or tampering. It’s also fair to say that until the most recent election cycle, for many Americans, election tampering was pretty low on their list of things to worry […]

Posted in General

LifeLock lesson—Third party security is your security

On July 25, on his blog Krebs on Security, Brian Krebs covered a flaw in how LifeLock processed “unsubscribe” information related to its marketing activities. For those unfamiliar with LifeLock, it is a subsidiary of Symantec offering identity monitoring and protection services in the U.S. market. Brian outlined an issue impacting recipients of LifeLock marketing material […]

Posted in General, Security Standards and Compliance

Timehop breach provides GDPR response template

With the disclosure of 21 million individuals’ account information being accessed in a data breach at Timehop, we now have a blueprint for what public disclosure of a breach might look like under the new GDPR rules. In their disclosure, Timehop stated that on July 4, malicious actors gained access to account information for 21 […]

Posted in Data Breach, Security Standards and Compliance

8 takeaways from NIST’s Application Container Security Guide

Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and dependencies in all their container images, the container security risks associated with containerized delivery have become a hot topic in DevOps. This puts the spotlight on operations teams to […]

Posted in Agile, CI/CD & DevOps, Container Security

RSA 2018 recap: Detecting vulnerabilities and avoiding snake oil

With RSA 2018 behind us, a recap is in order. For any readers who have never attended the RSA Conference (RSA) in North America, it’s worth setting the stage. For practical purposes, RSA is the premier technology security conference. There are tens of thousands of attendees, well over a dozen conference tracks, and the show […]

Posted in General, Software Architecture and Design

Data breaches and more data breaches—oh my!

It’s been quite an interesting few weeks in the land of data breach disclosures. We started with Under Armour disclosing a breach in their MyFitnessPal application that impacted 150 million users. A few days later, Lord & Taylor and Saks Fifth Avenue disclosed a breach impacting millions of their in-store shoppers. Later the same day, […]

Posted in Data Breach, Security Standards and Compliance

Using containers? What’s hidden in your container images?

Do you know what’s in your containers? No, the question has nothing to do with those mystery containers in your fridge. But if you don’t know what’s in those lovely Docker containers which are all the rage, you could be in store for just as rude a surprise as discovering what might be hiding deep […]

Posted in Container Security

Digging deeper into the GitHub security alerts numbers

Within a month of the GitHub security alerts’ launch in November 2017, the security scan turned up over 4 million bugs in over 500,000 repositories. Let’s dig deeper into the GitHub security alerts numbers. Within a month of the GitHub security alerts’ launch in November 2017, when GitHub began scanning for known vulnerabilities in popular […]

Posted in Open Source Security

Weighing the pros and cons of open sourcing election software

Open source election software is exposed to many eyes that check it for vulnerabilities. But does that mean it’s more secure? What are the pros and cons of open sourcing election software?

Posted in Open Source Security, Software Architecture and Design