My research has led to many high-profile bug disclosures, including: CVE-2014-6271 (Shellshock), CVE-2015-0235 (Ghost), and CVE-2016–5195 (Dirty COW).

I also work on improving software security by finding vulnerabilities in widely used packages such as OpenSSL, PHP, MySQL, Python’s Django framework and others. In addition to my own research, I’m an active member of several open source projects that help make the Internet safer through vulnerability disclosure.

In 2016 I was awarded a Google Security Research Grant for my contributions to open source software security
https://t.co/1UtLwRRuFo