Mike Pittenger | VP of Security Strategy

Mike Pittenger has 30 years of experience in technology and business, more than 25 years of management experience, and 15 years in security. He previously served as Vice President and General Manager of the product division of @stake. After @stake’s acquisition by Symantec, Pittenger led the spin-out of his team to form Veracode. He later served as Vice President of the product and training division of Cigital. For the past several years, he has consulted independently, helping security companies identify, define and prioritize the benefit to customers of their technologies, structure solutions appropriately and bring those offerings to market. Mike earned his AB in Economics from Dartmouth College and an MBA with a finance concentration from Bentley College. At Black Duck, he is responsible for strategic leadership of our security solutions, including product direction and strategic alliances. Mike’s extensive security industry background and experience will help us further deliver solutions that help companies mitigate security risks associated with the use of open source software, while integrating with the portfolio of security solutions that most large companies employ.

Recent Posts

In my previous post, I wrote about a simple process for triaging vulnerabilities across applications. Once you have the issues prioritized, the vulnerability remediation process is pretty straightforward. You don’t have a lot of options; either remediate the issue, ignore it, or apply other

Security testing tools can help organizations build better software by identifying vulnerabilities early in the SDLC. For security professionals and developers, however, the hard work begins when the testing is complete. Once you have a list of vulnerabilities across multiple applications, what's

We often talk about how open source is not less secure (or more secure) than commercial software. For one thing, commercial software contains so much open source that it’s difficult to find anything that doesn’t include open source. There are, however, characteristics of open source that make it

Attacks on Apache Struts 2 have escalated over the past couple of days as hackers exploit this critical vulnerability (CVE-2017-5638), which allows attackers to exploit a code-execution bug in the web application framework. Although a patch was available on Monday, hackers have been exploiting it

Every organization starting a security testing program struggles with addressing vulnerabilities. With limited resources in virtually all organizations, prioritizing this work is a requirement. My previous post explained three steps to risk ranking your applications. This is critical because,

It's indisputable that open source software is an essential element in application development worldwide. Its benefits in reducing dev costs, promoting innovation and accelerating time to market explain why open source often comprises more than 50% of an application's code. There is, however, an

This is the first in a series of posts about how organizations can best apply their security resources to vulnerabilities in open source components. Almost every security lead I speak to would love to have more security resources. Whether it’s people to conduct threat modeling, manual code

I recently read an article titled “How Open Source Nearly Killed My Business.” In it, the author laments the adoption of open source, and how the burden of customizing and managing the code far outweighs the benefits it provides. I want to take a few minutes to point out some open source myths

I have written a couple of times about how poorly designed IoT devices are threats to our infrastructure and “pollutants” to the Internet. I want to tie that idea back to the importance of managing open source in the IoT market. The Mirai attacks exploited a design weakness in the targeted IoT

The attacks last week on DNS-provider Dyn bring to light an often hidden fact about software security; lack of diligence by companies that ship software shifts the security risk. In other words, if company A ships vulnerable software to its customers, it is the customers who (unknowingly) absorb
