Eric Brown is an R&D software engineer and founder based in Oakland, California, with 11 years of experience building developer-first security tooling. He founded Secure Sauce and created Precaution, a GitHub-integrated static analysis app (plus the open-source CLI precli), and is a long-time maintainer of the popular Bandit security linter. An active OpenStack contributor, he has improved Cinder, Nova, Glance, Keystone and Ceilometer with a strong focus on configuration hygiene and VMware integrations. At VMware and now Broadcom he blends hands-on Python back-end engineering, CI/CD integration, and security research into practical tools that surface vulnerabilities earlier in development. A throughline in his work is making configuration files safer and more auditable—adding choices, ranges, and secret marking to reduce attack surface across large codebases.
12 years of coding experience
24 years of employment as a software developer
Bachelor's, Computer Science, Purdue University
Bandit is a tool designed to find common security issues in Python code.
Role in this project:
Security Engineer
Contributions: 23 releases, 384 reviews, 160 commits in 4 years 6 months
Contributions summary: Eric primarily contributed to the security aspects of the `bandit` tool, a security scanner for Python code. His work involved updating the tool's functionality to detect and report newly discovered vulnerabilities. Contributions included modifying and creating plugins that flag the use of insecure hash functions and deprecated TLS versions. He also updated the documentation and code to reflect changes in the related security ecosystem, updating URLs and adding example code.
Python AST-based static analyzer from OpenStack Security Group
Role in this project:
Back-end Developer & Security Engineer
Contributions: 92 commits in 3 years 2 months
Contributions summary: Eric primarily contributed to enhancing the security aspects of the `bandit` static analysis tool. He refactored code to improve existing security checks, such as those for insecure cipher modes and weak cryptographic keys, and added new tests covering the identified vulnerabilities, including checks for known insecure hash functions such as SHA-1.