Hey there, I'm Mark Cox, an Open Source enthusiast and Maker with a focus on software security. I've enjoyed starting and working on projects like OpenSSL and the Apache Software Foundation. You might also find me cosplaying or listening to A State of Trance.

Articles and talks...

• Apache Security Risk Report: 2023 11 Jan 2024
• OpenSSL Finances 8 Aug 2023
• Who writes OpenSSL? 17 Jul 2023
• Apache Security Risk Report: 2022 31 Jan 2023
• Apache Security Risk Report: 2021 11 Jan 2022
• Community-led Security at ASF Video Oct 2021
• Our CVE Story: An Open-Source, Community-Based Example 13 Apr 2021
• Apache Security Risk Report: 2020 25 Jan 2021
• Apache Security Risk Report: 2019 31 Jan 2020
• Red Hat Product Security Risk Report: 2016 7 Mar 2017
• Happy 15th Birthday Red Hat Product Security 17 Oct 2016
• Red Hat Product Security Risk Report: 2015 21 Apr 2016
• Go home SSLv2, you're DROWNing 01 Mar 2016
• Don't judge the risk by the logo 8 Apr 2015
• Enterprise Linux 6 Risk Reports: 6.5 to 6.6 (Nov 2014), 6.4 to 6.5 (Nov 2013), 6.3 to 6.4 (Feb 2013), 6.2 to 6.3 (Oct 2012), 6.1 to 6.2 (Dec 2011), 6.0 to 6.1 (May 2011)
• Enterprise Linux 5 Risk Reports: 5.8 to 5.9 (Jan 2013), 5.7 to 5.8 (Sept 2012), 5.6 to 5.7 (Jul 2011), 5.5 to 5.6 (Jan 2011), 5.4 to 5.5 (Apr 2010), 5.3 to 5.4 (Sep 2009), 5.2 to 5.3 (Jan 2009), 5.1 to 5.2 (May 2008), 5.0 to 5.1 (Nov 2007)
• Enterprise Linux 4 Risk Reports: Six years (Aug 2011, PDF), Three years (Feb 2008), Two years (Apr 2007), One year (Mar 2006)

• Older talks and publications (1994-2009)
• Personal blog articles (2001+)
• Projects on GitHub

Projects..

• Authored various popular Freeware/Shareware software in the 1990s including ResPlay, ModObj, ModRes, ModEdit, ModPlay, Play,
• Started a PhD on the internet control of a Robotic Telescope. Initially using an interactive gopher server, but switching to the NCSA web server in October 1993, and then to Apache.
• In April 1995 joined the core development team of Apache, finding and fixing security issues and writing modules such as mod_status. I co-founded the Apache Software Foundation, and currently serve as VP, Security.
• Co-wrote the focus conferencing system, interactive Teletext and internet games for BSkyB, and started the Apache Week publication while technical director at UK Web from 1996.
• Started and managed C2Net Europe in 1997, designing and developing Stronghold, a secure web server based on Apache. Contributed to various open source projects including mod_ssl and co-founded the OpenSSL project.
• Started the Red Hat Product Security team in 2000. An initial board member of OpenSSF until 2021.
• Current board member of the CVE project since 2002 and run the Candidate Naming Authority for Apache.