Hey there, I'm Mark Cox, an Open Source enthusiast and Maker with a focus on software security. I enjoy working on projects like OpenSSL and Apache, as well as exploring new tech. When I'm not geeking out, you might find me cosplaying or listening to A State of Trance. Thanks for checking me out!
Articles and talks...
- Apache Security Risk Report: 2022 (31 Jan 2023)
- Apache Security Risk Report: 2021 (11 Jan 2022)
- Community-led Security at ASF (Video, Oct 2021)
- Our CVE Story: An Open-Source, Community-Based Example (13 Apr 2021)
- Apache Security Risk Report: 2020 (25 Jan 2021)
- Apache Security Risk Report: 2019 (31 Jan 2020)
- Red Hat Product Security Risk Report: 2016 (7 Mar 2017)
- Happy 15th Birthday Red Hat Product Security (17 Oct 2016)
- Red Hat Product Security Risk Report: 2015 (21 Apr 2016)
- Go home SSLv2, you're DROWNing (01 Mar 2016)
- Don't judge the risk by the logo (8 Apr 2015)
- Enterprise Linux 6 Risk Reports: 6.5 to 6.6 (Nov 2014), 6.4 to 6.5 (Nov 2013), 6.3 to 6.4 (Feb 2013), 6.2 to 6.3 (Oct 2012), 6.1 to 6.2 (Dec 2011), 6.0 to 6.1 (May 2011)
- Enterprise Linux 5 Risk Reports: 5.8 to 5.9 (Jan 2013), 5.7 to 5.8 (Sept 2012), 5.6 to 5.7 (Jul 2011), 5.5 to 5.6 (Jan 2011), 5.4 to 5.5 (Apr 2010), 5.3 to 5.4 (Sep 2009), 5.2 to 5.3 (Jan 2009), 5.1 to 5.2 (May 2008), 5.0 to 5.1 (Nov 2007)
- Enterprise Linux 4 Risk Reports: Six years (Aug 2011, PDF), Three years (Feb 2008), Two years (Apr 2007), One year (Mar 2006)
- Authored various popular Freeware/Shareware software in the 1990s including ResPlay, ModObj, ModRes, ModEdit, ModPlay, Play,
Started a PhD on the internet control of a Robotic Telescope. Initially using an interactive gopher server, but switching to the NCSA web server in October 1993, and then to Apache.
In April 1995 joined the core development team of Apache, finding and fixing security issues and writing modules such as mod_status. I became a founding member of the Apache Software Foundation, and currently serve as VP, Security.
Co-wrote the focus interactive Teletext and internet games for BSkyB, and founded the Apache Week publication while technical director at UK Web from 1996.
Founded and managed C2Net Europe in 1997, designing and developing Stronghold, a secure web server based on Apache. Contributed to various open source projects including mod_ssl and co-founded the OpenSSL project.
Founded the Red Hat Product Security team in 2000. A founding board member of OpenSSF until 2021.
Current board member of the CVE project since 2002 and run the Candidate Naming Authorities for OpenSSL and Apache.