Tim Mackey | Technology Evangelist

Tim Mackey is technical evangelist for Black Duck Software, which helps organizations to locate, manage and secure their open source software. Tim’s role is one of engaging with technical communities to best understand how Black Duck can solve their application security problems today, and learn what bleeding edge security concerns are top of mind in order to feed them back into the development team. He is well versed in open source application security, data center security, containers, virtualization and cloud technologies. Tim has spoken at many events including OSCON, CloudOpen, Interop, CA World, Cloud Connect and the CloudStack Collaboration Conference. Tim is a published O'Reilly Media author.

Recent Posts

Within a month of the GitHub security alerts’ launch in November 2017, when GitHub began scanning for known vulnerabilities in popular open source libraries and notifying project owners that they should be using an updated version, the security scan for old vulnerabilities in JavaScript and Ruby

The drama around Russian meddling with the US elections has pushed election security into the spotlight. There have been many ideas of how to prevent such tampering in the future, including a New York Times Op-Ed by R. James Woolsey and Brian Fox about the security benefits of open sourcing

Today, open source components are at the heart of most modern applications, transforming how we architect solutions in every industry. Black Duck’s 2017 Open Source Security and Risk Analysis of over 1000 commercial applications revealed that 96% of applications scanned utilized open source.

Application development thrives on the use of open source components. Why? Quite simply, there are many benefits to using open source components, including the ability to leverage skill sets and expertise of the open source community, take advantage of the efforts of larger development teams, and

Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and dependencies in all their container images, the security risks associated with containerized software delivery has

It’s one hell of a year for Apache Struts. With the latest round of security disclosures commingled with the Equifax data breach, it's reasonable for users of Struts to start questioning if they should be migrating to another framework. After all, there have been five possible remote code execution

With RSA Singapore now in the books, it’s time to look back on the event and a core theme of experiential learning. The stage was set for this with IBM’s Diana Keely highlighting how today’s attacks are rather reminiscent of successful tactics from the past — a form of cyber groundhog day. She

At Black Duck Software, we work with the community and organizations to understand what responsible open source usage means. As part of that process, we view our connection to the open source community as a key component to both understanding where the development community is and educating them

I'm excited to preview the results of our latest efforts to dramatically reduce the time from container vulnerability disclosure to resolution. Some of you may have read my blog post in January advocating Black Duck’s work with the Red Hat OpenShift Container Platform. The goal of that effort was

DockerCon 2017 is around the corner, starting in a few short days. Like most attendees, I like to look for the sessions that most impact my professional life. Lately that’s container security at production scale, and if you’ve dug into the topic in the past you’ll know it’s a bit messy! The
