coderpatros/README.md

I work at the intersection of software engineering, product security, software supply chain transparency, and international standards development.

As a product security leader at ServiceNow, I’ve managed a globally distributed team driving the maturity of secure software development practices for a platform trusted by over 8,100 customers, including 85% of the Fortune 500. My background spans hands-on secure design reviews and threat modeling, BSIMM assessments, and leading SSDF gap analyses that directly supported U.S. Federal Government contract assurance.

Beyond my day job, I co-lead the OWASP CycloneDX project — one of the world’s most widely adopted SBOM standards, now ratified as ECMA-424 by Ecma International. I built the project’s governance framework, developed key tooling, initiated the Transparency Exchange API, and helped shape government guidance on SBOM adoption across multiple international jurisdictions. I’ve presented on software supply chain security at events including CISA SBOM-a-rama, Lockheed Martin’s Code.LM (keynote), Homeland Security Week, Swiss Cyber Storm, FOSDEM, and AusCERT.

I also serve on the Executive Committee of Ecma International, the standards body behind ECMAScript (JavaScript), C#/.NET, and Office Open XML — contributing to the strategic oversight of technical committees shaping the future of software and system transparency, AI agent interoperability, and GPU shading languages.

Pinned

  1. CycloneDX/specification (Public)

    OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, an…

    XSLT · 483 stars · 82 forks

  2. cyclonedx-dotnet-msbuild (Public)

    An MSBuild task that automatically generates CycloneDX Software Bill of Materials (SBOM) during build

    C# · 1 star

  3. CycloneDX/cyclonedx-cli (Public)

    CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

    C# · 456 stars · 76 forks

  4. CycloneDX/cyclonedx-python (Public)

    CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

    Python · 357 stars · 90 forks

  5. CycloneDX/cyclonedx-dotnet (Public)

    Creates CycloneDX Software Bill of Materials (SBOM) from .NET projects

    C# · 256 stars · 120 forks

  6. talks (Public)

    Talks I've given

    1 star