Zach Steindler

Principal Engineer at OpenSSF

Ann Arbor, Michigan, United States

Summary

Zach Steindler is a Principal Engineer with 15 years of experience who specializes in software supply chain and cloud security, currently driving security work at GitHub from Ann Arbor. He chairs the OpenSSF Technical Advisory Council, co-chairs the Securing Software Repositories working group, and co-maintains Sigstore projects including cosign and sigstore-go. Zach pairs technical leadership with hands-on engineering—contributing notable enhancements to GitHub’s CLI attestation features (offline verify, trusted root management) and adding protobuf bundle and timestamp authority support to cosign. His background spans building high-throughput real-time systems at Olark and leading cloud security and availability initiatives at Duo, giving him a rare combination of production-scale engineering and practical security strategy. He’s known for translating open-source best practices into enterprise-grade controls while balancing developer ergonomics with provable supply-chain guarantees.
15 years of coding experience
11 years of employment as a software developer
BSE, Computer Engineering, University of Michigan

Github Skills (23)

protobufs (10)
commandline-interface (10)
command-line-interface (10)
digital-signature (10)
security (10)
go (10)
commandline (10)
command-line (10)
protobuff (10)
protobuf3 (10)
protobuf (10)
cli (10)
testing (9)
github-ci (9)
api-doc (9)

Programming languages (13)

Smarty, C++, CSS, C, Makefile, Go, HTML, TypeScript

Github contributions (5)

sigstore/cosign

Mar 2021 - Mar 2025

Code signing and transparency for containers and binaries
Role in this project: Back-end Developer & Security Engineer
Contributions: 33 reviews, 11 PRs, 58 comments in 4 years
Contributions summary: Zach primarily focused on adding support for protobuf bundles and enhancing the verification process for the `cosign` project. He implemented new bundle formats for verifying signed blobs and attestations, improved the integration with timestamp authorities so that bundles carry signatures from time-stamping authorities, and addressed issues related to signing and verifying bundles.
Tags: containers, cryptography, cosign, signing, sign
cli/cli

Dec 2023 - Oct 2024

GitHub’s official command line tool
Role in this project: Back-end Developer & Security Engineer
Contributions: 41 reviews, 12 PRs, 16 pushes in 10 months
Contributions summary: Zach primarily focused on enhancing the security and functionality of the `gh cli` tool, specifically within the `attestation` subcommand. He added support for various predicate types and implemented features to filter and manage attestations. His work included modifying the `attestation verify` command to function in offline mode. He also contributed to the security of the tool by adding unit tests, updating dependencies, and refactoring code based on linter feedback, and introduced a new subcommand for managing trusted root certificates.
Tags: golang, command-line-tool, go, command-line, cli