Tim Mackey | Technology Evangelist

Tim Mackey is technical evangelist for Black Duck Software, which helps organizations to locate, manage and secure their open source software. Tim’s role is one of engaging with technical communities to best understand how Black Duck can solve their application security problems today, and learn what bleeding edge security concerns are top of mind in order to feed them back into the development team. He is well versed in open source application security, data center security, containers, virtualization and cloud technologies. Tim has spoken at many events including OSCON, CloudOpen, Interop, CA World, Cloud Connect and the CloudStack Collaboration Conference. Tim is a published O'Reilly Media author.

Recent Posts

It’s one hell of a year for Apache Struts. With the latest round of security disclosures comingled with the Equifax data breach, it's reasonable for users of Struts to start questioning if they should be migrating to another framework. After all, there have been five possible remote code execution

| MORE >

With RSA Singapore now in the books, it’s time to look back on the event and a core theme of experiential learning. The stage was set for this with IBM’s Diana Keely highlighting how today’s attacks are rather reminiscent of successful tactics from the past — a form of cyber groundhog day. She

| MORE >

At Black Duck Software, we work with the community and organizations to understand what responsible open source usage means. As part of that process, we view our connection to the open source community as a key component to both understanding where the development community is and educating them

| MORE >

I'm excited to preview the results of our latest efforts to dramatically reduce the time from container vulnerability disclosure to resolution. Some of you may have read my blog post in January advocating Black Duck’s work with the Red Hat OpenShift Container Platform. The goal of that effort was

| MORE >

DockerCon 2017 is around the corner, starting in a few short days. Like most attendees, I like to look for the sessions that most impact my professional life. Lately that’s container security at production scale, and if you’ve dug into the topic in the past you’ll know it’s a bit messy! The

| MORE >

While that may be a catchy title, it’s also the question I've been asking attendees at SCALE and Container World over the past few weeks. More precisely, “Where would you rather get your security vulnerability information from?” Now I’m going to pause here and let that sink in for a minute. Think

| MORE >

It’s that time again, a kickoff to the year’s activities. For me, the first event is DevConf, where I’ll be speaking on the joys of security in an ever increasing Agile and DevOps world. As is my wont, I’ll be presenting concepts that both challenge existing paradigms and provide a way forward. It

| MORE >

For many, the start of a new year is a time of reflection and renewal. Every year we see a flurry of resolutions for the new year. These resolutions can take many forms and typically focus on health, lifestyle and prosperity. For this blog I’m going to focus a bit on the prosperity aspect.

| MORE >

GHOST stories, Dirty COWs and IoT Attacks Three high profile open source security events that happened in 2016 and lessons can be learned from them. With another year under our belts, it’s a great time to look back at open source security vulnerabilities. #3 — CVE-2015-7547 CVE-2015-7547 is often

| MORE >

We’ve all been there. Some key piece of information is known by some, but not you. It could be a party, an office tradition, or that someone expected you to do something. When you find out, it’s normal to have a sinking feeling, but you adjust and deal with the situation. Plus, if you’re anything

| MORE >
Page 1