Tagged Content
Everything on the platform tagged with sca.
Sonatype is the software supply chain management company behind Nexus Repository and the maintainer of Maven Central, the world's largest repository of open source Java components. Founded in 2008 by core contributors to Apache Maven, it helps developers and enterprises find, manage, and secure the open source code that powers modern software - blocking malicious packages, enforcing policy, and generating software bills of materials (SBOMs) across the development lifecycle.
Semgrep is a San Francisco application-security company that builds a unified AppSec platform (Code/SAST, Supply Chain/SCA, and Secrets) used by engineering teams at Dropbox, Figma, Snowflake and others. Born out of an open-source tool originally written at Facebook, it lets security teams write code-like rules and ship them through CI - cutting false positives and pushing fixes back to developers.
Rick Fitz is the Chief Executive Officer and Chairman of the Board at Contrast Security, the application security company behind the 'Shift Smart' approach to securing software from within. A 25-year enterprise software veteran, Fitz came to the role in April 2023 after six-plus years as SVP and General Manager of Splunk's IT Operations and Application Development Market Group, where he steered the company through landmark acquisitions including SignalFx. At Contrast, he leads a 240-person company with $274M in total funding as it works to redefine how developers and security teams find and fix vulnerabilities at runtime - inside applications as they run, rather than scanning from the outside.

Isaac Evans is the Founder and CEO of Semgrep, the developer-first application security platform that has redefined how modern engineering teams handle code security. An MIT-trained computer scientist with a background in U.S. Department of Defense security research, Evans co-founded Semgrep in 2017 with college roommates Drew Dennison and Luke O'Malley. Under his leadership, Semgrep grew from a niche static analysis tool into a platform scanning 75+ million code repositories annually, serving customers like Figma, Dropbox, Slack, and Snowflake. In February 2025, the company closed a $100M Series D led by Menlo Ventures, bringing total funding to $193M. Evans's core thesis - that security must serve developers, not obstruct them - has made Semgrep a defining force in the AppSec category.