Ken Duck - Employment

Independent Software Consultant / Founder

Dec 2020 - Present

REMOTE Liverpool, Nova Scotia

Software Consultant, Founder, and Acquired Product Leader; I leverage over a decade of deep technical expertise and entrepreneurial vision to design, build, and scale Software-as-a-Service (SaaS) platforms.

Key Engagements and Achievements

Founder, Vör Security: Built, scaled, and led the successful acquisition of OSS Index (an open-source vulnerability tracking SaaS platform), which achieved massive industry adoption by handling hundreds of millions of monthly requests for software component data.
Platform Modernization: Led full-stack development and major front-end framework migration for a next-gen web-based battery testing and analysis platform.
Real-Time Microservices: Part of a team designing and implemented a cutting-edge, microservice-based real-time system for distributed energy storage orchestration.
AI Product Development: Architecting and building event-driven microservices that integrate LLMs and neural networks to create commercially viable AI-powered products.

Consulting Focus

Platform Strategy: Software architecture, scalable microservices, and event-driven design.
AI Integration: Architecting and integrating machine learning models into production systems.
Product Acceleration: Exploratory prototyping and technical leadership for early-stage development.
Engineering Excellence: DevOps, developer tooling, and LLM-aided development workflows.

I am actively seeking new consulting partnerships where I can apply a unique blend of hands-on software engineering, technical leadership, and expertise in launching innovative, data-driven products.

References

OSS Index active website
Acquisition of Vör Security by Sonatype
Sonatype Expands OSS Index Data Volume with Millions of Components - on the size of OSS Index.
Tom Alrich Discusses OSS Index's Role in Large-Scale SBOM Adoption - on the scale of OSS Index.

Sonatype Inc.

Staff Engineer & Acquired Product/Engineering Leader

Jun 2017 - December 2025

REMOTE Fulton, Maryland

My eight-year tenure began following the acquisition of my venture, Vör Security/OSS Index. I transitioned through roles encompassing Product Management and Senior Engineering, culminating in a Staff Engineer/Tech Lead position. My focus was consistently on leading the design, architecture, and development of core security and developer infrastructure platforms.

Key Achievements & Contributions

Tech Leadership: Led architecture and development for several initiatives, balancing hands-on coding (Java, Spring Boot) with technical direction, mentoring, and system design.
Microservices Re-Architecture: Co-led a rearchitecture of Nexus Lifecycle, moving the platform to a microservice-based system for modern CI/CD environments.
Maven Central Contributor: Core contributor to Maven Central (the world's largest Java repository), working on Java/Rust microservices, complex data stores, and AWS infrastructure.
Prototype & Innovation: Led high-impact teams prototyping SAST features (Static Analysis), and driving the development of new features for Sonatype Developer and Sonatype Lift.
Acquisition & Scaling: Maintained technical oversight of OSS Index post-acquisition, aligning data aggregation pipelines with commercial ingestion processes to significantly accelerate vulnerability discovery.
Vulnerability Detection: Served as Product Manager and Technical Lead for the automated vulnerability detection platform, a core intelligence source for all Sonatype products.
Product/Business Bridge: Acted as the crucial bridge between security research, engineering, and business units, translating complex technical requirements into actionable product features.

This diverse tenure enabled me to consistently deliver value across the entire product lifecycle—from entrepreneurial vision and early-stage development to senior-level architectural strategy and technical execution in a large, acquired product ecosystem.

References

Sonatype for Azure DevOps at the Visual Studio Marketplace
OSS Index active website

Novonix Inc

Platform Modernization & Full-Stack Consultant

Nov 2022 - Oct 2024

REMOTE Halifax, Nova Scotia

As a consultant to this leading battery technology company, I joined a high-impact "skunkworks" team dedicated to building their next-generation battery testing and analysis SaaS platform. My mandate was full-stack feature delivery, architectural guidance, and enhancing long-term platform scalability.

Key Contributions

Front-End Migration: Directed and executed a zero-downtime framework migration from Angular to React, measurably improving application performance and developer experience (DX).
Platform Scalability: Spearheaded major refactoring initiatives to significantly enhance long-term platform scalability, code maintainability, and testing velocity across the stack.
Full-Stack Delivery: Delivered critical full-stack features for the custom battery analysis platform, utilizing Python (Backend) and modern JavaScript frameworks.

STARTUPVör Security

CEO and Founder

Oct 2013 - Jun 2017

Ottawa

Founded and led Vör Security, an independent SaaS company focused on open-source security tooling. Developed the flagship product, OSS Index, a publicly accessible vulnerability database and scanning platform designed to improve security visibility for developers. Vör Security and OSS Index were acquired by Sonatype in June 2017, marking a successful exit.

Key Achievements

Successful Acquisition: Successfully negotiated the acquisition of Vör Security and OSS Index by Sonatype, a leader in software supply chain security.
Platform Scale & Architecture: Designed and developed the OSS Index platform, a high-scale SaaS vulnerability database supporting 15+ package ecosystems (Maven, npm, PyPI, NuGet, Cargo, etc.).
Massive Industry Adoption: Achieved massive industry adoption, powering hundreds of millions of monthly requests and checking tens of billions of software components per month for vulnerabilities.
Executive Leadership: Led and executed all aspects of Vör Security, defining the product vision, designing the platform architecture, managing development, and securing acquisition/client financing.
Ecosystem Integration: Led integration efforts for automated security scanning tools and ecosystem-specific plugins.

References

OSS Index active website
Audit.js (npm) GitHub repository
[Management role]Audit.NET (Visual Studio) GitHub repository
[Management role] DevAudit GitHub repository
Maven plugin (java) Online help
Gradle plugin (java) GitHub repository
Sonatype press release on the acquisition of Vör Security

STARTUP Dalhousie University/Quantum Research Analytics

Senior Software Developer

June 2013 - July 2017

REMOTE Halifax, Nova Scotia

Part of the core development team for a deep-tech company focused on formal verification to reduce errors in complex aviation, automotive, and utility systems. Contributions focused on building early-stage prototypes and the core verification platform.

Key Contributions:

Verification Platform: Designed and built QVTrace, a full-stack application for managing and visualizing complex engineering system models.
Formal Verification: Integrated with services which used formal verification solvers (Z3, CVC4) to enable automated detection of logical flaws in early-stage system designs.
Data Visualization: Developed intuitive user interfaces for navigating and interpreting complex verification results across large datasets.

References

QvTrace at the Wayback Machine (2002)