Mike Pittenger | VP of Security Strategy

Mike Pittenger has 30 years of experience in technology and business, more than 25 years of management experience, and 15 years in security. He previously served as Vice President and General Manager of the product division of @stake. After @stake’s acquisition by Symantec, Pittenger led the spin-out of his team to form Veracode. He later served as Vice President of the product and training division of Cigital. For the past several years, he has consulted independently, helping security companies identify, define and prioritize the benefit to customers of their technologies, structure solutions appropriately and bring those offerings to market. Mike earned his AB in Economics from Dartmouth College and an MBA with a finance concentration from Bentley College. At Black Duck, he is responsible for strategic leadership of our security solutions, including product direction and strategic alliances. Mike’s extensive security industry background and experience will help us further deliver solutions that help companies mitigate security risks associated with the use of open source software, while integrating with the portfolio of security solutions that most large companies employ.

Recent Posts

Every organization starting a security testing program struggles with addressing vulnerabilities. With limited resources in virtually all organizations, prioritizing this work is a requirement. My previous post explained three steps to risk ranking your applications. This is critical because,


It's indisputable that open source software is an essential element in application development worldwide. Its benefits in reducing dev costs, promoting innovation and accelerating time to market explain why open source often comprises more than 50% of an application's code. There is, however, an


This is the first in a series of posts about how organizations can best apply their security resources to vulnerabilities in open source components. Almost every security lead I speak to would love to have more security resources. Whether it’s people to conduct threat modeling, manual code


I recently read an article titled “How Open Source Nearly Killed My Business.” In it, the author laments the adoption of open source, and how the burden of customizing and managing the code far outweighs the benefits it provides. I want to take a few minutes to point out some open source myths


I have written a couple of times about how poorly designed IoT devices are threats to our infrastructure and “pollutants” to the Internet. I want to tie that idea back to the importance of managing open source in the IoT market. The Mirai attacks exploited a design weakness in the targeted IoT


The attacks last week on DNS provider Dyn bring to light an often hidden fact about software security: lack of diligence by companies that ship software shifts the security risk. In other words, if company A ships vulnerable software to its customers, it is the customers who (unknowingly) absorb


We saw a preview Friday of how fragile the cyber world can be when DNS service disruptions blocked access to many popular websites. This wasn’t a case of stealing data (which tends to get a lot of media attention). Instead, the Dyn DDoS attack achieved its goal of disrupting access to internet


Unique Insight and Best Practices for Open Source Security

Flight16, Black Duck’s premier open source security conference, is now just a few days away, and the excitement and anticipation are flying high! As the person responsible for the Security Track, I’ve been working hard with our conference


From time to time we receive requests from industry magazines and editors for answers to security questions. It’s a pretty common process, where the editor or writer is looking for answers from five or six industry people. In this case, the writer was looking for answers to which threats in the


A CISO recently told me “If the NSA [or other nation-state supported organization] wants to hack me, they will. If a 16-year-old hacks me using a known exploit, I’ll lose my job.” The news is filled with stories on what we assume are
