Software Integrity Blog

Author Archive

Tim Mackey

tmackey

Tim Mackey is a principal security strategist within the Synopsys CyRC (Cybersecurity Research Center). He joined Synopsys as part of the acquisition of Black Duck Software, where he worked to bring integrated security scanning technology to Red Hat OpenShift and the Kubernetes container orchestration platforms. As a security strategist, Tim applies his skills in distributed systems engineering, mission-critical engineering, performance monitoring, and large-scale data center operations to customer problems. He takes the lessons learned from those activities and delivers talks globally at well-known events such as RSA, OSCON, Open Source Summit, KubeCon, Interop, CA World, Container World, DevSecCon, DevOps Days, and the IoT Summit. Tim is also an author published by O’Reilly Media. Follow Tim at @TimInTech on Twitter and at mackeytim on LinkedIn.


Posts by Tim Mackey:


Digging deeper into the GitHub security alerts numbers

Within a month of the GitHub security alerts’ launch in November 2017, the security scan turned up over 4 million bugs in over 500,000 repositories. Let’s dig deeper into the GitHub security alerts numbers.


Posted in Open Source Security


Weighing the pros and cons of open sourcing election software

Open source election software is exposed to many eyes that check it for vulnerabilities. But does that mean it’s more secure? What are the pros and cons of open sourcing election software?


Posted in Open Source Security, Software Architecture & Design


Why you need to build AppSec into your DevOps process

To leverage open source in application development safely, you need to build AppSec into your DevOps process, including your use of open source components.


Posted in Agile, CI/CD & DevOps, Open Source Security, Software Composition Analysis (SCA), Webinars


Should you replace Apache Struts? Maybe. Or, maybe not.

It’s one hell of a year for Apache Struts. With the latest round of security disclosures commingled with the Equifax data breach, it’s reasonable for users of Struts to start questioning whether they should migrate to another framework. After all, there have been five possible remote code execution disclosures this year, and that’s quite a lot.


Posted in Data Breach Security, Open Source Security


A voracious appetite for open source software worldwide

At Synopsys, we work with the community and organizations to understand what responsible open source usage means. As part of that process, we view our connection to the open source community as a key component to both understanding where the development community is and educating them on how to build better code. Earlier this year, we released the Open Source Security and Risk Analysis Report (OSSRA), which distilled data from over 1,000 customer audits performed by the Black Duck Audit Services team. Building on these results, we’re releasing the results of our Open Source 360° survey.


Posted in Open Source Security, Software Composition Analysis (SCA)