DigiCert Blog

All posts by: Dan Timpson

About Dan Timpson

As CTO, Dan Timpson is responsible for DigiCert’s technology strategy and plays a key role in leading the security industry by driving new initiatives. Dan has over two decades of experience leading teams in software engineering, penetration testing, and security auditing.

  1. Advancing the Goal of Automated PKI for More Secure DevOps

    Today, DigiCert joins Venafi to announce a partnership that will significantly advance security for DevOps by providing convenient and seamless access to limited-use private PKI certificates designed specifically for internal testing and build environments. This initiative is a positive step toward enabling TLS security within DevOps environments in a way that allows accelerated development, faster…


  2. Automated SSL Installation: A Deeper Dive into Express Install™

    By now you’ve heard the news that DigiCert rolled out some new tools last month to streamline certificate lifecycle management. One of these tools is Express Install—a utility that allows system admins to automate SSL Certificate installation and HTTPS configuration. The Concept This useful tool simplifies the complexity and hassle of enabling HTTPS on websites.…


  3. Lenovo’s Superfish Adware and the Perils of Self-Signed Certificates

    Late last night, reports started coming out that Lenovo was shipping PCs with man-in-the-middle adware that breaks HTTPS connections. Lenovo, like most manufacturers, ships its PCs with pre-installed software. In this case, the software is Superfish, which inserts visual advertisements into web pages such as Google search results. And while this pre-installed adware is annoying…


  4. This POODLE Bites: New Vulnerability Found on Servers

    Today, Google announced a vulnerability in the implementation of the SSL 3.0 protocol, potentially compromising secure connections online. DigiCert and other security experts are recommending system administrators disable SSL 3.0 on their servers and use TLS 1.1 or 1.2. This vulnerability does not affect SSL Certificates. There is no need to renew, reissue, or reinstall any…


  5. Shellshock Bash Bug: What You Need to Know

    Currently known as ‘Shellshock’ or ‘the bash bug,’ the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271) affects almost all Linux, UNIX, and Mac OS X operating systems (which are based on UNIX). Administrators are being urged to patch immediately as the bug is wide-spread, extremely serious, and attacks exploiting it are easy to implement. There…