Ken, upon realizing that product management was not satisfying for him, moved back to a Senior Software Developer role. He moved to the newly formed "Lift" group that is developing Sonatype Lift, a cloud-based continual assurance product. He persisted through several rounds of ideation and prototyping until the desired development track was found, outlasting multiple other developers -- prototyping particularly suits Ken's temperament and skills. His role as a Senior (full stack) developer includes:
Of particular note, within the Lift team Ken is an approachable source of knowledge on Sonatype data and products, particularly considering his extensive experience developing and managing the software security teams. This knowledge has helped significantly streamline and improve Lift development and the Lift product itself.
Development on OSS Index has continued apace. The most significant improvement has been migrating the back end to use a subset of Sonatype's commercial data, instead of its own database. Besides being an overall improvement in data quality, this has the added benefit of streamlining the required research and subsequent team (the OSS Index and Commercial research teams were merged). This has resulted in an overall increase in research speed (and more vulnerabilities found!).
Ken continued his career at Sonatype as Product Manager of the software security teams, where his role included:
Ken continued to develop for and support the public OSS Index, while putting into action plans to move the development and maintenance to Sonatype development teams. Ken has expanded the coverage of OSS Index, and developed and overseen the development of numerous open source scanning tools including:
Upon acquisition of Vör Security by Sonatype, Ken worked as a senior software developer on internal software security tools behind Sonatype's products.
Ken continued to support and develop OSS Index during this time.
TwoDucks consulting was incorporated in October 2013 and recently renamed to Vör Security. Since its incorporation Vör Security has grown to a small company of three employees.
Vör Security developed the free open source vulnerability tracking system, OSS Index; together they were acquired by Sonatype in June 2017. During this time OSS Index added support for numerous ecosystems, tool integrations and scanners.
QRA is "building tools to reduce engineering and testing costs for highly complex systems in the aviation, automotive, and utilities industries. By combining cutting edge technology, including quantum computing, and the latest mathematical techniques, QRA is able to find design flaws very early in the development cycle. QRA is poised to be at the forefront of complex system design through partnerships with leading institutions and corporations."*
I have been heavily involved in the development of the QVTrace web-based front end, built using HTML5 and AJAX technologies and communicating with the QVTrace back end to perform verification and validation of system models. My roles include:
KDM Analytics "is a security assurance company providing products and services for threat risk assessment and management, due diligence assessments, and information and data assurance. Leveraging our decades of experience in static analysis, reverse engineering and formal methods, we have created breakthrough products for the automated and systematic investigation of code, data and networks."
Much of the work performed by KDM Analytics revolves around OMG standards and specifications. My roles include a large variety of tasks in management, design, architecture, and development.