Software Integrity Blog

Author Archive

Tim Mackey

Tim Mackey works within the Synopsys Software Integrity Group as a technology evangelist. He joined Synopsys as part of the Black Duck Software acquisition where he worked to bring integrated security scanning technology to Red Hat OpenShift and the Kubernetes container orchestration platforms. Prior to joining Black Duck, Tim worked at Citrix as the community manager for XenServer and was part of the Citrix Open Source Business Office.

Being a technology evangelist allows Tim to apply his skills in distributed systems engineering, mission-critical engineering, performance monitoring and large-scale data center operations to customer problems. He takes the lessons learned from those activities and delivers talks globally at well-known events such as RSA, OSCON, Open Source Summit, KubeCon, Interop, CA World, Container World, DevSecCon, DevOps Days and the IoT Summit. Tim is also a published O’Reilly Media author. Follow Tim @TimInTech on Twitter and at mackeytim on LinkedIn.


Posts by Tim Mackey:

 

Weighing the pros and cons of open sourcing election software

Open source election software is exposed to many eyes that check it for vulnerabilities. But does that mean it’s more secure? What are the pros and cons of open sourcing election software?

Posted in Open Source Security, Software Architecture and Design

 

Achieving open source security in container environments

Today, open source components are at the heart of most modern applications, transforming how we architect solutions in every industry. Black Duck’s 2017 Open Source Security and Risk Analysis of over 1000 commercial applications revealed that 96% of applications scanned utilized open source. Meanwhile, more than 60% of those applications contained known security vulnerabilities in their open source components, and on average, vulnerabilities identified in these applications have been publicly known for over four years.

Posted in Container Security, Open Source Security

 

Why you need to build AppSec into your DevOps process

Application development thrives on the use of open source components. Why? Quite simply, there are many benefits to using open source components, including the ability to leverage the skill sets and expertise of the open source community, take advantage of the efforts of larger development teams, and reduce costs. To use open source components safely and responsibly, organizations need visibility into which open source components they’re using and where those components originate, and they need to understand the security risk associated with each component.

Posted in Agile, CI/CD & DevOps, Open Source Security, Webinars

 

8 takeaways from NIST’s application container security guide

Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and dependencies in all their container images, the security risks associated with containerized software delivery have become a hot topic in DevOps. This puts the spotlight on Operations teams to find security vulnerabilities in the production environment.

Posted in Agile, CI/CD & DevOps, Container Security

 

Should you replace Apache Struts? Maybe. Or, maybe not.

It’s one hell of a year for Apache Struts. With the latest round of security disclosures commingled with the Equifax data breach, it’s reasonable for users of Struts to start questioning whether they should be migrating to another framework. After all, there have been five possible remote code execution disclosures this year, and that’s quite a lot.

Posted in Data Breach, Open Source Security

 

A voracious appetite for open source software worldwide

At Synopsys, we work with the community and organizations to understand what responsible open source usage means. As part of that process, we view our connection to the open source community as a key component both to understanding where the development community is and to educating it on how to build better code. Earlier this year, the Synopsys Center for Open Source Research and Innovation (COSRI) released the Open Source Software Risk Analysis Report (OSSRA), which distilled data from over 1000 customer audits performed by the Black Duck by Synopsys On-Demand Audit team. Building on these results, we’re releasing the results of our Open Source 360° survey.

Posted in General, Open Source Security, Software Composition Analysis, Webinars

 

Open source conferences worldwide with Black Duck

One of the fun parts of my job is participating in events. I enjoy the feedback I receive from the communities I work with, and I have the opportunity to speak about topics I’m passionate about. While I have the luxury of travel, that’s not the case for the majority of community members I speak with. For them, #dayjob is likely to sponsor their attendance at one or two events per year. This is why we not only attend open source conferences, but also created our own.

Posted in Container Security, General, Open Source Security, Webinars