Hi, I'm Andrew! 👋
I am a Principal Engineer at MITRE, where I work on a few different things:
⚠️ Support the development of CVE, the world's largest system for tracking vulnerabilities in software and hardware.- 🔍 Lead the development of Hipcheck, a tool for automated supply chain risk assessment of software repositories.
- 🖇️ Contribute to OmniBOR (formerly GitBOM), a standard and tooling for recording build inputs for software artifacts.
- 🛡️ Wrote "Memory Safety for Skeptics," published in the ACM Queue.
- 🗒️ Write on my personal blog about topics like memory safety, open source software, and software supply chain security.
- 🦀 Write at Possible Rust with intermediate-level articles teaching what's possible in the Rust programming language.
- 🗨️ Keep a list of languages written in Rust.
⁉️ Maintain woah, aResulttype that separates errors you can handle from errors you can't.- 🏷️ Maintain semver-explain, a CLI tool for explaining SemVer requirements.
- 🛑 Maintain replace_err, which adds a
replace_errmethod forResult. - 🏗️ Maintain pathbuf, a convenient macro for building
PathBufs. - 🪄 Created FindCargo.cmake, a CMake module for interoperating with Cargo.
- ⏲️ Wrote dcalc, a CLI duration calculator.
- 🐱 Wrote good-cat, a cat that hates pipes.
- 📎 Wrote gccarch, a tool for getting info on GCC's supported architectures.
- 📆 Wrote skej, a little analyzer for concurrent schedules.
- ⛓️ Built the first FFI interface for Pact, a framework for testing APIs.
- 🖋️ Wrote the old Rust FAQ.
- 👨🏫 Taught programming language theory to undergrads.
- 🎒 Spoke at RustConf 2017 about teaching Rust in a programming language theory class.
- 📖 Spoke at Rust Belt Rust 2016 about how to write good documentation.
- 🎤 Spoke on a panel at VulnCon 2025 about software identification in CVE
- 🪲 Spoke about how memory safety will impact vulnerabilities at the Cal Poly Pomona SWIFT Tech Symposium 2025
