Incentivized to report and resolve vulnerabilities publicly and to validate the information provided by other researchers.
Incentivized to code review and merge vulnerability resolutions.
Incentivize research into projects or specific vulnerabilities, and create bounties.
Incentivized to contribute to consensus about the vulnerability status of an asset and are a factor for the policy engine.
Remove centralized authority and drive the incentivization process for the activities and behavior required for improving security.
Enables organizations to limit access to an asset (docker, cloud, base image) based on vulnerability status and other authorizations.
Previously, Director of Engineering Operations at MoPub, scaling it to billions of requests per day, before it was acquired by Twitter for $350M. Prior to that, built distributed systems at drop.io, an early file-sharing startup, which was acquired by Facebook in 2009.
Was building distributed systems before devops was even a word. He’s an OG Chef contributor, golang gopher, multicopter/drone racing pilot, and has helped many companies tame unruly systems.
Founded Pistol Lake and AccelGolf, two venture-funded companies. Prior to that, was on the founding team, and Head of Product, at ad-tech company, Shareaholic, backed by General Catalyst.