Software Integrity Blog

Author Archive

Tim Mackey

Tim Mackey is a principal security strategist within the Synopsys CyRC (Cybersecurity Research Center). He joined Synopsys as part of the Black Duck Software acquisition where he worked to bring integrated security scanning technology to Red Hat OpenShift and the Kubernetes container orchestration platforms. As a security strategist, Tim applies his skills in distributed systems engineering, mission critical engineering, performance monitoring, large-scale data center operations, and global data privacy regulations to customer problems. He takes the lessons learned from those activities and delivers talks globally at well-known events such as RSA, Black Hat, Open Source Summit, KubeCon, OSCON, DevSecCon, DevOpsCon, Red Hat Summit, and Interop. Tim is also an O'Reilly Media published author and has been covered in publications around the globe including USA Today, Fortune, NBC News, CNN, Forbes, Dark Reading, TEISS, InfoSecurity Magazine, and The Straits Times. Follow Tim at @TimInTech on Twitter and at mackeytim on LinkedIn.


Posts by Tim Mackey:

 

Digging deeper into the GitHub security alerts numbers

Within a month of the GitHub security alerts’ launch in November 2017, the security scan turned up over 4 million bugs in over 500,000 repositories. Let’s dig deeper into the GitHub security alerts numbers.

Posted in Open Source Security

 

Weighing the pros and cons of open sourcing election software

Open source election software is exposed to many eyes that check it for vulnerabilities. But does that mean it’s more secure? What are the pros and cons of open sourcing election software?

Posted in Open Source Security, Software Architecture & Design

 

Why you need to build AppSec into your DevOps process

To leverage open source in application development safely, you need to build AppSec into your DevOps process, including use of open source components.

Posted in Agile, CI/CD & DevOps, Open Source Security, Software Composition Analysis (SCA), Webinars

 

Should you replace Apache Struts? Maybe. Or, maybe not.

With the latest round of security disclosures comingled with the Equifax data breach, it’s reasonable for users of Struts to start questioning if they should be migrating to another framework.

Posted in Data Breach Security, Open Source Security

 

A voracious appetite for open source software worldwide

At Synopsys, we work with the community and organizations to understand what responsible open source usage means. As part of that process, we view our connection to the open source community as a key component to both understanding where the development community is and educating them on how to build better code. Earlier this year, we released the Open Source Security and Risk Analysis Report (OSSRA), which distilled data from over 1,000 customer audits performed by the Black Duck Audit Services team. Building on these results, we’re releasing the results of our Open Source 360° survey.

Posted in Open Source Security, Software Composition Analysis (SCA)