Eric Brown is an R&D software engineer and founder with 12+ years building developer-friendly security tooling, currently at Broadcom and running Secure Sauce, the maker of Precaution — a GitHub-integrated static analysis tool. He is a long-time open-source security maintainer (Bandit) whose work helped the project reach thousands of stars and millions of downloads, and has deep contributions to core OpenStack projects (Nova, Keystone, Cinder, Glance) improving configuration, VMware integrations, and secret handling. Eric blends hands-on backend engineering (Python, oslo_config, security plugins) with productizing developer workflow tools, including an open-source CLI and a React/Docusaurus frontend. His background spans engineering leadership at VMware and security ownership at IBM, where he implemented encryption and compliance features for enterprise systems. Based in Redwood City, he combines pragmatic product focus with a reputation for making security seamless for developers. An interesting detail: he built both GitHub Apps and CLI utilities that bridge CI/CD and static analysis, showing a knack for shipping integrated developer experiences.
12 years of coding experience
24 years of employment as a software developer
Bachelors Computer Science, Bachelors Computer Science at Purdue University
Bandit is a tool designed to find common security issues in Python code.
Role in this project:
Security Engineer
Contributions:23 releases, 384 reviews, 160 commits in 4 years 6 months
Contributions summary:Eric primarily contributed to the security aspects of the `bandit` tool, a security scanner for Python code. Their work involved updating the tool's functionality to address and report on newly discovered vulnerabilities. Contributions included modifying and creating plugins to scan for the use of insecure hash functions, and deprecated TLS versions. The user also updated the documentation and code to reflect changes in the related security ecosystem, updating URLs and adding example code.
Python AST-based static analyzer from OpenStack Security Group
Role in this project:
Back-end Developer & Security Engineer
Contributions:92 commits in 3 years 2 months
Contributions summary:Eric primarily contributed to enhancing the security aspects of the `bandit` static analysis tool. They refactored code to improve existing security checks, such as those for insecure cipher modes and weak cryptographic keys. Furthermore, the user added new tests to cover the identified vulnerabilities. This included the addition of checks for known insecure hash functions like SHA-1.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Eric Brown - R&D Software Engineer at Secure Sauce