Hi! I'm an Open Source evangelist and Maker, working
with OpenSSL and Apache to
improve software security. I also work on various
software and hardware projects, I cosplay at various events
around the world, and I'm probably
listening to A State of Trance
Articles and talks...
- Apache Security Risk Report: 2021 11 Jan 2022
- Community-led Security at ASF Video Oct 2021
- Our CVE Story: An Open-Source, Community-Based Example 13 Apr 2021
- Apache Security Risk Report: 2020 25 Jan 2021
- Apache Security Risk Report: 2019 31 Jan 2020
- Red Hat Product Security Risk Report: 2016 7 Mar 2017
- Happy 15th Birthday Red Hat Product Security 17 Oct 2016
- Red Hat Product Security Risk Report: 2015 21 Apr 2016
- Go home SSLv2, you're DROWNing 01 Mar 2016
- Don't judge the risk by the logo 8 Apr 2015
- Enterprise Linux 6 Risk Reports: 6.5 to 6.6 (Nov 2014), 6.4 to 6.5 (Nov 2013), 6.3 to 6.4 (Feb 2013), 6.2 to 6.3 (Oct 2012), 6.1 to 6.2 (Dec 2011), 6.0 to 6.1 (May 2011)
- Enterprise Linux 5 Risk Reports: 5.8 to 5.9 (Jan 2013), 5.7 to 5.8 (Sept 2012), 5.6 to 5.7 (Jul 2011), 5.5 to 5.6 (Jan 2011), 5.4 to 5.5 (Apr 2010), 5.3 to 5.4 (Sep 2009), 5.2 to 5.3 (Jan 2009), 5.1 to 5.2 (May 2008), 5.0 to 5.1 (Nov 2007)
- Enterprise Linux 4 Risk Reports: Six years (Aug 2011, PDF), Three years (Feb 2008), Two years (Apr 2007), One year (Mar 2006)
- Older talks and publications (1994-2009)
- Older personal blog articles (2001-2014)
Things you might find on a CV...
- In 1988 attended the University of Bradford doing a degree in Electronics, Communications, and Computer Systems during which time authored various popular Freeware/Shareware software including ResPlay, ModObj, ModRes, ModEdit, ModPlay, Play, and was radio station manager of Radio Ramair.
- In 1992 started a PhD on the internet control of a Robotic Telescope. Initially using an interactive gopher server, but switching to the NCSA web server in October 1993, and then to Apache.
- In April 1995 joined the core development team of Apache, finding and fixing security issues and writing modules such as mod_status. I became a founding member of the Apache Software Foundation, and currently serve as VP, Security.
- In 1996 joined UK Web as technical director working on many projects including co-writing the focus conferencing system, interactive Teletext and internet games for BSkyB, and founded the Apache Week publication.
- In 1997 founded and managed C2Net Europe, designing and developing Stronghold, a secure web server based on Apache. Contributed to various open source projects including mod_ssl and co-founded the OpenSSL project.
- In 2000, C2Net merged with Red Hat and I founded the Red Hat Product Security team which I led until 2018. I then moved to the Open Source Program Office until 2022 and was a founding board member of OpenSSF until 2021.
- Since 2002 I have been a board member of the CVE project and run the Candidate Naming Authorities for OpenSSL and Apache.
