SOURCE: SourceClear


April 20, 2016 09:00 ET

SourceClear Founder and CEO to Speak on Open-Source Security at ApacheCon 2016

Mark Curphey and Renowned Software Security Author John Viega to Present New Research on the Threats to the Software Supply Chain and the Open-Source Ecosystem

SAN FRANCISCO, CA--(Marketwired - Apr 20, 2016) - SourceClear, the security company for software developers, today announced that at ApacheCon North America 2016, Founder and CEO Mark Curphey will share new research with the open-source community on how the threat landscape has transformed with the adoption of open source, the advent of DevOps and the techniques hackers are now employing, and how developers can protect themselves and their teams against these attacks.

Taking place May 11-13 at the Hyatt Regency Vancouver, in Vancouver, BC, ApacheCon is the official conference of the Apache Software Foundation. This year's North American event will bring together the open-source community to learn about and collaborate on the technologies and projects driving the future of open source, web technologies and cloud computing.

"Hackers have shifted to target developers and their tools. Building software using open-source libraries is the new normal, but the bad guys have figured out that reusable code means reusable vulnerabilities. If you know the tricks, there are a lot of ways hackers can abuse open source and the related tools that developers rely on," warns Curphey. "Our dedicated research team has been validating and documenting the attack patterns that are being actively exploited, and uncovered new techniques that are possible to exploit in the future. By sharing this information with the open-source community we can make them aware and help them protect themselves."

At ApacheCon North America 2016, Curphey will present "The new threat landscape of open-source security" on Friday, May 13 from 3:45 - 4:35 p.m. PDT along with John Viega, Executive Vice President, Products and Engineering at BAE Systems Applied Intelligence. Key topics covered will include:

  • When bad things happen to good build and package managers
  • Trusting binary repositories like Maven Central
  • Vulnerabilities and backdoors in open-source libraries
  • Hiding bad things in source code management
  • Abusing continuous integration systems to mine Bitcoins

About SourceClear
SourceClear is the security company for software developers. We are a team of software and security engineers helping software engineering teams build software, safely. We take care of security for open-source and third-party code so our customers can focus on their business: shipping features and delighting users. Headquartered in San Francisco, California, and with an office in Singapore, SourceClear is backed by Index Ventures and Storm Ventures. For more information, visit us at:

All product and company names herein may be trademarks of their respective owners.

Contact Information

  • For more information, please contact:
    Carro Halpin
    CHEN PR, Inc.