Publications

Notable texts

• Fuzzing chapter on appsec.guide

Scientific

• maplibre-rs: toward portable map renderers
• DY Fuzzing: Formal Dolev-Yao Models Meet Protocol Fuzz Testing (open access)

Disclosures

• CVE-2022-38153 - Denial-of-service attack from arbitrary MITM
• CVE-2022-38152 - Denial-of-service attack from malicious clients
• CVE-2022-39173 - Buffer-overflow on wolfSSL servers
• CVE-2022-42905 - Heap-buffer over-read with WOLFSSL_CALLBACKS
• CVE-2023-6936 - Heap-buffer over-read with WOLFSSL_CALLBACKS, the 2nd
• CVE-2024-21668 - Reported already fixed bug to create a GitHub advisory
• CVE-2023-4969 - Supported coordinating disclosure about GPU leaks
• Disclosing security and privacy issues in NRW

Public audits

• Aleo Systems snarkVM
• OpenSSL