About (1) My main interest is software security, with a special focus on software vulnerability, including both vulnerability discovery and vulnerability mitigation.
- We have implemented an end-to-end heap buffer overflow defense tool which is capable of detecting and fixing various real-world vulnerabilities, including the Heartbleed.
- We have analyzed data from bug bounty programs to obtain insights of white hat behaviors and provide suggestions for these programs. I am interested in design new systems and mechanisms that can leverage the potential of the crowd in vulnerability discovery and security.
- Familiar with Web vulnerabilities discovery, model checking and fuzzing. I also am explo...