Michael Scovetta is a Principal Security PM Manager with 14 years of experience leading hands-on engineering work at the intersection of software security, open source, and large-scale threat analysis. At Microsoft he leads teams that research vulnerabilities, build tooling, and drive ecosystem initiatives through the Open Source Security Foundation and projects like Alpha-Omega. A practical engineer as well as a leader, he contributes to notable OSS security tools such as ApplicationInspector and DevSkim—improving code quality, dependency hygiene, and automated detection of vulnerable NuGet packages. His background spans enterprise security architecture, incident forensics, and product prototyping from roles at CBS, CA Technologies, and UBS, showing a blend of strategic influence and deep technical delivery. Based in Middleburg, VA, he’s passionate about moving initiatives from “zero to one” and translating research into pragmatic defenses used at scale.
13 years of coding experience
15 years of employment as a software developer
B.S., Computer Science & Mathematics, B.S., Computer Science & Mathematics at Hofstra University
NYS Regents, High School, NYS Regents, High School at St. Anthony's High School
M.Eng, Computer Science, M.Eng, Computer Science at Cornell University
DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.
Role in this project:
Security Engineer
Contributions:26 reviews, 48 commits, 13 PRs in 5 years 11 months
Contributions summary:Michael primarily contributed to the security analysis capabilities of DevSkim. They developed a Python script to parse advisory data and generate rules for detecting vulnerable NuGet packages. Additionally, the user made changes to address code compatibility issues and refine existing security rules, while also adding functionality to the command-line interface. Their work focused on enhancing DevSkim's ability to identify and mitigate security vulnerabilities in software projects.
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Role in this project:
Full-stack Developer
Contributions:110 releases, 106 reviews, 12 commits in 2 years 3 months
Contributions summary:Michael primarily focused on code quality improvements and bug fixes. They addressed formatting issues, fixed typos, and removed unnecessary code, enhancing the project's maintainability. Furthermore, the user contributed to bumping dependencies, specifically Newtonsoft.Json and RecursiveExtractor, and updating code references. They also fixed broken rule verifier, thereby improving functionality and stability, and refined code to address potential performance issues.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Michael Scovetta - Principal Security PM Manager at Microsoft