Mark J Cox

@iamamoose

Security (OpenSSL, Apache), Red Hat, maker, cosplayer

Scotland
awe.com/mark
Joined March 2007
96 Photos and videos Photos and videos

Tweets

You blocked @iamamoose

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @iamamoose

  1. Oct 23

    I'll be at on Thu/Fri in Edinburgh this week. In other news TLS 1.3 in Apache release

    The Apache Software Foundation Announces Apache HTTP Server v2.4.37
    1 retweet 5 likes
    Undo
  2. Retweeted
    Oct 3

    How should we solve the Irish border issue? Something, something... blockchain. Yup, that'll do. 🙄

    2 replies 5 retweets 6 likes
    Undo
  3. Sep 11

    OpenSSL 1.1.1 is out now with TLS 1.3 support.

    27 retweets 39 likes
    Undo
  4. Sep 3

    I was concerned with LLoyds online banking today when I got a Critical Red security alert. It was even flashing to draw my attention. Oh, no, actually, it's just trying to sell me stuff. Come on you can do better

    1 like
    Undo
  5. Aug 14

    In May 2017 I started cleaning up Apache projects CVE names from before we were our own naming authority. There were 100 CVE public but not published at . Happy to announce today the final one was dealt with and we're down to zero.

    4 retweets 7 likes
    Undo
  6. Aug 14

    Really pleased to add two new sponsors to OpenSSL acks page today, and

    3 retweets 10 likes
    Undo
  7. Jun 6

    Where projects have been determined to have a security vuln we have issued CVEs and will complete security releases of those projects. Where affected projects did not experience a vulnerability we have been fixing the identified defects through our normal release processes. 2/2

    2 likes
    Show this thread
    Show this thread
    Undo
  8. Jun 6

    ASF security would like to thank the Snyk Security Research Team for contacting us about these issues We have analysed the ASF projects which they identified to us in order to determine if the issue has security implications for each project. 1/2

    1 reply 2 likes
    Show this thread
    Show this thread
    Undo
  9. Retweeted
    Jun 5

    Announcing Zip Slip: A Widespread Critical Arbitrary File Overwrite vulnerability affecting thousands of projects. Make sure you're not affected. Learn more:

    8 replies 75 retweets 66 likes
    Undo
  10. May 17

    A new blog post from me on a change to the underlying principles in the OpenSSL Security Policy

    7 retweets 9 likes
    Undo
  11. Retweeted
    Apr 10

    Change to ASF httpd vulnerability XML format: Posted by Mark Cox on Apr 10Various OSS projects I've been involved with use a master vulnerability database in XML used for various internal functions such as generating web pages. I know some folks monitor…

    2 retweets 1 like
    Undo
  12. Mar 21

    OpenSSL 1.1.0h and 1.0.2o security updates rated maximum "Moderate" coming on 27th March. (None of the issues are High or Critical severity).

    1 retweet 8 likes
    Undo
  13. Retweeted
    Mar 19

    Drive the Product Security at the world's 2nd largest Open Source vendor? Here is your chance:

    2 retweets 1 like
    Undo
  14. Mar 6

    Our ikettle has suddenly decided we need more tea and every 5 minutes reboils the kettle without us touching it.

    1 like
    Undo
  15. Mar 1

    Desperately Seeking....... the last few OpenSSL committers we've not yet tracked down ... help our next release be Apache licensed!

    4 replies 52 retweets 39 likes
    Undo
  16. Feb 1

    Now OpenSSL vulnerabilities can be listed per version, like . Also affected ranges are shown in a more friendly way. Possible due to replacing the aging XSLT conversion with python.

    4 retweets 10 likes
    Undo
  17. Jan 23

    We've significantly simplified the language in the OpenSSL security policy . List of changes here . We also added more prenotification days as announced last week

    10 retweets 15 likes
    Undo
  18. Jan 20

    In December I attended the OpenSSL meeting in London. We talked about the security policy, FIPS, TLS 1.3 and more!

    4 retweets 8 likes
    Undo
  19. Jan 1

    For 2018 I've changed roles at Red Hat and so after 17 years no longer lead the Product Security team. I'm still working on OpenSSL and Apache security. Follow for your Red Hat product security updates. Good luck and best wishes for 2018 to all.

    2 replies 3 retweets 34 likes
    Undo
  20. 1 Nov 2017

    12 replies 1 retweet 37 likes
    Undo

@iamamoose hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·