Mike Pittenger | VP of Security Strategy

Mike Pittenger has 30 years of experience in technology and business, more than 25 years of management experience, and 15 years in security. He previously served as Vice President and General Manager of the product division of @stake. After @stake’s acquisition by Symantec, Pittenger led the spin-out of his team to form Veracode. He later served as Vice President of the product and training division of Cigital. For the past several years, he has consulted independently, helping security companies identify, define and prioritize the benefit to customers of their technologies, structure solutions appropriately and bring those offerings to market. Mike earned his AB in Economics from Dartmouth College and an MBA with a finance concentration from Bentley College. At Black Duck, he is responsible for strategic leadership of our security solutions, including product direction and strategic alliances. Mike’s extensive security industry background and experience will help us further deliver solutions that help companies mitigate security risks associated with the use of open source software, while integrating with the portfolio of security solutions that most large companies employ.

Recent Posts

I recently read an article titled “How Open Source Nearly Killed My Business.”  In it, the author laments the adoption of open source, and how the burden of customizing and managing the code far outweighs the benefits it provides. I want to take a few minutes to point out some open source myths

I have written a couple of times about how poorly designed IoT devices are threats to our infrastructure and “pollutants” to the Internet. I want to tie that idea back to the importance of managing open source in the IoT market. The Mirai attacks exploited a design weakness in the targeted IoT

The attacks last week on DNS provider Dyn bring to light an often hidden fact about software security: lack of diligence by companies that ship software shifts the security risk. In other words, if company A ships vulnerable software to its customers, it is the customers who (unknowingly) absorb

We saw a preview Friday of how fragile the cyber world can be when DNS service disruptions blocked access to many popular websites. This wasn’t a case of stealing data (which tends to get a lot of media attention).  Instead, the attack on Dyn achieved a goal of disrupting access to internet

Unique Insight and Best Practices for Open Source Security

Flight16, Black Duck’s premier open source security conference, is now just a few days away, and the excitement and anticipation are flying high! As the person responsible for the Security Track, I’ve been working hard with our conference

From time to time we receive requests from industry magazines and editors for answers to security questions. It’s a pretty common process, where the editor or writer is looking for answers from five or six industry people. In this case, the writer was looking for answers to which threats in the

A CISO recently told me “If the NSA [or other nation-state supported organization] wants to hack me, they will. If a 16-year-old hacks me using a known exploit, I’ll lose my job.” The news is filled with stories on what we assume are

Last March, the White House released a draft policy for requiring federal agencies to share software, with the possibility of requiring federally-funded code to be released as open source. Last month, the Bulgarian government followed suit, and raised the ante by including a bug bounty program in

We all worry about the adversary who is out to get us. It might be a criminal enterprise after credit card data, a competitor who wants our IP, or a nation state looking to disrupt our operation. Each of these can be a legitimate concern. How do you prioritize, and what type of attack should you

Traveling to security conferences from Boston can be like a mini-reunion. On the flight into Las Vegas I ran into former colleagues from @stake, Veracode, Cigital, and Savant Protection (now part of Digital Guardian). The Boston security community can be pretty insular, so there was also a mix of
