Mark Cox is a veteran open source security leader with over 30 years of experience shaping the backbone of the web, from co-founding the Apache Software Foundation to founding and steering the OpenSSL project. As VP Security at Apache and long-time head of Red Hat’s product security team, he blends deep hands-on cryptographic engineering (notably core OpenSSL BN fixes and mitigations for PKCS #1 v1.5 attacks) with strategic vulnerability response and CVE stewardship. He has repeatedly led cross-industry initiatives—serving on the CVE Program board and the OpenSSF governing board—to improve how open source software is secured and coordinated. Based in Scotland, Mark is also an active maker and community evangelist who brings a practitioner’s curiosity (and occasional cosplay) to hard security problems. His PhD in Internet Security underpins a rare mix of academic rigor and decades of production engineering.
30 years of coding experience
29 years of employment as a software developer
Sinfin Community School
Doctor of Philosophy (PhD) Internet Security, Doctor of Philosophy (PhD) Internet Security at University of Bradford
Mirror of Apache HTTP Server. Issues: http://issues.apache.org
Role in this project:
Backend Developer
Contributions:151 commits in 16 years 10 months
Contributions summary:Mark contributed to the Apache HTTP Server project by modifying documentation, adding modules, and fixing security vulnerabilities. They added and updated module documentation, and added new functionality. The user fixed a security flaw in the `mod_rewrite` module, demonstrating an understanding of security practices and the codebase. The user's work also extended to general configuration and installation documentation.
Contributions:4 PRs, 45 comments, 5 issues in 4 years 5 months
Contributions summary:Mark primarily contributed to the OpenSSL library, focusing on bug fixes and improvements to core cryptographic functions. Their work involved addressing issues within the BN (BIGNUM) code, which directly impacts certificate verification and other essential operations. The user's commits also incorporated new functions to enhance security, particularly addressing vulnerabilities like PKCS #1 v1.5 signature attacks and buffer overflows, and they also included changes to the compression code and version handling.
crypto-librarycryptographyssltlscrypto
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Mark Cox - VP Security at Apache Software Foundation