Oliver Chang @halbecaf
https://t.co/bmyDmTlFKv Senior Staff Eng @ Google DeepMind. Former: founder of https://t.co/K575lba4tt, lead/co-founder for OSS-Fuzz. Sydney, Australia Joined June 2016-
Tweets197
-
Followers2K
-
Following147
-
Likes318
We derestricted a number of vulnerabilities found by Big Sleep in JavaScriptCore today: issuetracker.google.com/issues?q=compo… All of them were fixed in the iOS 26.1 (and equivalent) update last month. Definitely some cool bugs in there!
Really excited to finally announce CodeMender! As part of this we've already submitted and upstreamed several patches to OSS projects via OSS-Fuzz. Check out our post at: deepmind.google/discover/blog/… There will be more technical details and exciting announcements to come!
Software vulnerabilities can be notoriously time-consuming for developers to find and fix. Today, we’re sharing details about CodeMender: our new AI agent that uses Gemini Deep Think to automatically patch critical software vulnerabilities. 🧵
🚀Inviting GSoC2025 contributors to supercharge OSS-Fuzz-Gen! Opportunities include: 1. Modularize OSS-Fuzz features 2. Enhance Experiment Execution & Report UI 3. Integrate Research Innovations Interested? Send your resume to [email protected]😃 gist.github.com/dynamicwebpaig…
OSV-Scanner has just released the first beta for V2, a major update that includes significant new features, including layer-aware container scanning, remediation for pom.xml, new HTML output and more. osv.dev/blog/posts/osv… Please try it out and give us feedback!
cloud.google.com/blog/products/… Awesome blog on how we’re using SLSA to make GKE more secure for our customers!
Today, we announced the official release of OSV-SCALIBR, Google's software composition analysis library. If you are working in vuln management / security scanning, SCALIBR is for you! SCALIBR is powering most of Google's vuln scanning. Please RT security.googleblog.com/2025/01/osv-sc…
The OSS-Fuzz team is hiring a PhD intern for this summer. Come join us and build the future of fuzzing. Link in next tweet in thread. RTs appreciated!
Happy new year! OSV had a lot of great progress in 2024, from new ecosystem adoption, API improvements, and scanner feature development! We just published a blog about these and our 2025 plans here: osv.dev/blog/posts/202… !
@jduck @clintgibler @metzmanj This is a very fair point! This is exactly why we haven't turned this on by default for all OSS-Fuzz users. One of our next priorities is to automate as much of the triage to determine if it's a legit vuln / attack surface or not (e.g. using an LLM and/or past reported vulns).
The OSS-Fuzz team at @Google is using AI-powered fuzzing to find vulns in open-source software and recently reported 26 new vulns to open-source project maintainers, including one in the OpenSSL library which is critical to most internet infrastructure. security.googleblog.com/2024/11/leveli…
On the heels of @Google’s ‘Big Sleep’ AI discovery of a real-world vulnerability, our OSS-Fuzz team identified and reported 26 vulnerabilities to open-source project maintainers by using AI-generated and enhanced fuzz targets. Read more here: security.googleblog.com/2024/11/leveli…
New blog post about OSS-Fuzz AI-powered fuzzing is live! We talk about what went into making LLMs work well enough for this use case to find 26 new vulnerabilities (including a CVE in OpenSSL), as well as what else we have planned to make this better. security.googleblog.com/2024/11/leveli…
Red Hat joins OSV! openssf.org/blog/2024/11/0… Combined with Ubuntu, Chainguard, and SUSE adopting OSV this year, OSV.dev has really started to become a comprehensive vulnerability source for not only language packages, but also Linux distros!
CVE-2024-9143 (openssl-library.org/news/secadv/20…) was disclosed recently, which was found by OSS-Fuzz-Gen! This is a pretty proud example of our team showing the promise of leveraging LLMs enable more fuzzing coverage.
OSV support announced in the latest Ubuntu 24.10 release! This year has seen OSV adoption from many Linux distributions, and the OSV.dev database is starting to become a really comprehensive source of accurate vuln info across major open source ecosystems!
Today, we proudly unveil Ubuntu 24.10, codenamed "Oracular Oriole" 🔮 Packed with GNOME 47, the Linux 6.11 kernel, permissions prompting, an enhanced command line, OpenVEX and OSV support, and a special #Ubuntu20Years anniversary gift - there’s plenty for you to explore 🚀
Today, we proudly unveil Ubuntu 24.10, codenamed "Oracular Oriole" 🔮 Packed with GNOME 47, the Linux 6.11 kernel, permissions prompting, an enhanced command line, OpenVEX and OSV support, and a special #Ubuntu20Years anniversary gift - there’s plenty for you to explore 🚀 Read more: ubuntu.com/blog/canonical… #Ubuntu #Linux #OracularOriole
@microsvuln @dobinrutis I expect that we'll need to do a combination of: - Implementing these easier automated checks to prune out obvious false positives from incorrect/bad harnesses. - Have some kind of feedback mechanism from project maintainers (e.g. an annotation on public APIs) to help us out
@microsvuln @dobinrutis Yep, there's a lot of low hanging fruit things we can do to determine these automatically (or use an LLM). However, there are also cases when, even as a human, it's hard to tell if something is a legitimate bug or not because of unclear API preconditions and threat models.
One week later the bug count is now at 25 bugs total (github.com/google/oss-fuz…) There's still many improvements to be made to improve success rate of generated targets, but we now have the problem of too many crashes to triage. Automating this will a focus of our future research.
This week we've added another 8 trophies to OSS-Fuzz-Gen (for a total of 14)! These are vulnerabilities found by LLM-generated harnesses. The interesting bit here is many of these are in well-fuzzed projects with thousands of hours of fuzzing already. github.com/google/oss-fuz…
Brendan Dolan-Gavitt @moyix
33K Followers 6K Following Building offsec agents: https://t.co/G9EtnC2Gl3 PGP https://t.co/3WXr0RfRkv
Samuel Groß @5aelo
25K Followers 524 Following Working on Project Zero, Big Sleep, and V8 Security. Personal account. Also @[email protected] and https://t.co/aVitnPjBie
Abhishek Arya @infernosec
5K Followers 185 Following Principal Engineer, AI Security at Google. Opinions are my own.
Marcel Böhme👨�... @mboehme_
7K Followers 1K Following Software Security Group @maxplanckpress PhD @NUSComputing, Singapore Research Group: https://t.co/BRnFNNh6d9
Dan Lorenc @lorenc_dan
11K Followers 2K Following OSS Supply Chain Security. Founder/CEO/Primary Ariba Admin at https://t.co/sGmuUU9JbG Sigstore: https://t.co/dWKlyYu6kv
kylebot @ky1ebot
6K Followers 332 Following @OpenAI | CTF player @Shellphish | PhD @ASU | @angrdothorse dev | Author of how2heap, angrop | Vulnerability Research Hobbyist | @[email protected]
stephen @_tsuro
10K Followers 525 Following @v8js security, CTFs and CPU vulnz. LCHL. @[email protected]
David Korczynski @Davkorcz
1K Followers 257 Following researcher @ADALogics | Software security, fuzzing, vulnerability analysis, AI, open source. | CS PhD from @CompSciOxford
dmnk.bsky.social @domenuk
5K Followers 509 Following 【DΞCOMPILΞ NΣVΞR】 Android Red Team @google Fuzzing @aflplusplus CTF @enoflag (opinions my own)
HackSys Team @HackSysTeam
10K Followers 636 Following Vulnerability Research, Kernel Exploitation, Reverse Engineering, Exploit Development, Program Analysis, Malware Research, Web, Machine Learning
Richard Johnson @richinseattle
19K Followers 3K Following Computer Security, Reverse Engineering, and Fuzzing; Training & Publications @ https://t.co/mloVP6rPB7; hacking the planet since 1995; Undercurrents BOFH
Gareth Heyes \u2028 @garethheyes
38K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
Luke Hinds @decodebytes
3K Followers 750 Following Creator of https://t.co/T8htHI7vHB , now building https://t.co/OBABqFvHE2 - the agent security platform.
Mihai Maruseac @mihaimaruseac
3K Followers 2K Following Building AGI with security and privacy at @openai. Previously: @google (model-signing, GUAC, @tensorflow), LeapYear (Haskell, ML, DP)
Andy Nguyen @theflow0
69K Followers 447 Following The opinions stated here are my own, not those of my company.
chrisrohlf @chrisrohlf
11K Followers 926 Following Waging algorithmic warfare since 2003. Engineer, Researcher. MTS @ Anthropic, Non-Resident Research Fellow @CSETGeorgetown CyberAI
Brandon Lum @lumjjb
971 Followers 626 Following 🔑CNCF Security TAG Co-Chair Emiritus 💻Google Engineer 🎸Musician/Guitarist All things Containers + Security... Opinions are my own...
Mary wade @mwade33
2 Followers 530 Following
Rebecca Qian @rebeccatqian
865 Followers 431 Following co-founder + cto @PatronusAI, previously research @MetaAI
Victor Donald @donaldvictorrr
5 Followers 830 Following
X G @itsxgan
1 Followers 892 Following
Stanislav Fort @stanislavfort
16K Followers 8K Following Founder & Chief Scientist @Aisle_Inc | AI security | Stanford PhD in AI & Cambridge physics | ex-Anthropic and DeepMind | scientific progress + economic growth
Hussain Alqurashi @qurashi_hm
93 Followers 6K Following
:) @wFhutbjttg35872
0 Followers 140 Following
vivi_casts_tweet @why_am_i_a_neet
2 Followers 392 Following
Comm Junk @comm70727
4 Followers 991 Following
rethinkdns @rethinkdns
2K Followers 3K Following 🎁 Open source firewall for Android with multi-party WireGuard. 💙 kt, js, go, rs. 🇮🇳 India.
Sameh Malak @s4muii
115 Followers 951 Following Reverse Engineer | Malware Analyst | CTF player@L3ak
Mark @MSTRtotheStars
521 Followers 3K Following
Zheng Yu @dataisland99
115 Followers 297 Following
ndhillon @ndhillon072
120 Followers 3K Following $TSLA 🔥 since 2012 | $BTC ₿ since 2015 | $ETH 🌐 since 2016 | SpaceX 🚀 since 2020 | $COIN 📈 since 2021 | Investor & Builder for the future
Noura N. Alomar @Noura_7N
684 Followers 3K Following PhD in Computer Science @Berkeley_EECS | Assistant professor @_KSU | Research interests: Computer Security, Privacy Engineering, and Software Engineering
Andres Gomez (kurono) @kuronosec
628 Followers 3K Following Founder at @Sakundi_io. PhD in Computer Sciences from Uni Frankfurt and CERN. Interests: blockchain, computer security, privacy, artificial intelligence.
omkar patil @ompatacidboy
16 Followers 32 Following
otto @derpst3b
66 Followers 284 Following
Derek Cedarbaum @DerekCedarbaum
293 Followers 7K Following Product @ Red 6, #2 FTE | Built the world's first in-air augmented reality system for fighter pilots | 🇺🇸
hamaccount @hamaccount
16 Followers 2K Following
Lenny Pruss @lennypruss
4K Followers 1K Following VC @AmplifyPartners. Tepid takes on distributed systems, dev tools and #SJSharks
Youngjoon Kim @youngjoon421
3 Followers 188 Following
Barak @zuzgon
46 Followers 1K Following
Babak Huseynov @babequehuseynov
2 Followers 174 Following learning be, re, ma and fuzzing | studying cybersecurity at innopolis university
صفر الزمن @non___existen
4 Followers 7K Following
s1r1us (mohan) @S1r1u5_
13K Followers 2K Following aham nityaṃ śiṣyaḥ, jagat mama guruḥ. {~hacker~} {founder @ElectrovoltSec, @HacktronAI}
芽郁 (めい) @6Cyq5sksgWfhB
6 Followers 1K Following 東京のセクシー日本人女性、魅力的でデート一触即発。旅行好き、デート温泉で湯気立ち込め熱く。今夜空いてる、デートすぐ来て、妖艶全開。
asdf @qwerzxcv1234a
0 Followers 87 Following
Zhengxiong Luo @zhengxiong_luo
8 Followers 102 Following System Security, LLM Agents. Research Fellow @NUSingapore, PhD @Tsinghua_Uni
ethan @yaaachao
1 Followers 136 Following
Leota Karly @KarlyLeota8690
4 Followers 208 Following
عبد السلام �... @lka3h_taime
468 Followers 2K Following
Allele Security Intel... @alleleintel
1K Followers 2K Following Allele Security Intelligence is an independent company specializing in Information Security research.
danyer @danyermata76
70 Followers 2K Following
Maxim @MaximPavle80949
0 Followers 62 Following
Brendan Dolan-Gavitt @moyix
33K Followers 6K Following Building offsec agents: https://t.co/G9EtnC2Gl3 PGP https://t.co/3WXr0RfRkv
Samuel Groß @5aelo
25K Followers 524 Following Working on Project Zero, Big Sleep, and V8 Security. Personal account. Also @[email protected] and https://t.co/aVitnPjBie
lcamtuf @lcamtuf
40K Followers 499 Following Substack: https://t.co/yFvmNisGW3 Homepage: https://t.co/iFAXZxCO5H
Halvar Flake @halvarflake
45K Followers 3K Following Choose disfavour where obedience does not bring honour. I do math. And was once asked by R. Morris Sr. : "For whom?" @[email protected]
Abhishek Arya @infernosec
5K Followers 185 Following Principal Engineer, AI Security at Google. Opinions are my own.
Marcel Böhme👨�... @mboehme_
7K Followers 1K Following Software Security Group @maxplanckpress PhD @NUSComputing, Singapore Research Group: https://t.co/BRnFNNh6d9
Ivan Fratric 💙💛 @ifsecure
19K Followers 209 Following Tech lead and security researcher at Google Project Zero. Author: Jackalope, TinyInst, WinAFL, Domato. PhD. Tweets are my own. Backup @[email protected]
mdowd @mdowd
33K Followers 754 Following Internet Hacker. Founder of @vigilant_labs. Previously, co-founder of Azimuth Security (now L3Harris Trenchant)
Dan Lorenc @lorenc_dan
11K Followers 2K Following OSS Supply Chain Security. Founder/CEO/Primary Ariba Admin at https://t.co/sGmuUU9JbG Sigstore: https://t.co/dWKlyYu6kv
Gergely Orosz @GergelyOrosz
337K Followers 3K Following Writing @Pragmatic_Eng, the #1 software engineering newsletter on Substack. Author of @EngGuidebook. Formerly Uber & Skype.
stephen @_tsuro
10K Followers 525 Following @v8js security, CTFs and CPU vulnz. LCHL. @[email protected]
David Korczynski @Davkorcz
1K Followers 257 Following researcher @ADALogics | Software security, fuzzing, vulnerability analysis, AI, open source. | CS PhD from @CompSciOxford
Dmitry Vyukov @dvyukov
9K Followers 387 Following I tweet about fuzzing, bugs, sanitizers, security, hardening, kernels, syzkaller, Go, performance, concurrency, lock-free algorithms.
Maddie Stone @maddiestone
62K Followers 796 Following Security Researcher. Previously Google Project Zero and TAG | 0days all day. Love all things bytes, assembly, and glitter. she/her.
dmnk.bsky.social @domenuk
5K Followers 509 Following 【DΞCOMPILΞ NΣVΞR】 Android Red Team @google Fuzzing @aflplusplus CTF @enoflag (opinions my own)
Jaana Dogan ヤナ �... @rakyll
167K Followers 1K Following Software Engineer at Google. Simpler platform, better APIs. Simplicity and optimism. Personal opinions.
Gynvael Coldwind @gynvael
39K Followers 1K Following security researcher/programmer/director @ HexArcana Cybersecurity GmbH ⁂ @pagedout_zine ⁂ @DragonSectorCTF ⁂ https://t.co/ShG2c5As1K ⁂ ex-Google ⁂ he/him
Luke Hinds @decodebytes
3K Followers 750 Following Creator of https://t.co/T8htHI7vHB , now building https://t.co/OBABqFvHE2 - the agent security platform.
Stanislav Fort @stanislavfort
16K Followers 8K Following Founder & Chief Scientist @Aisle_Inc | AI security | Stanford PhD in AI & Cambridge physics | ex-Anthropic and DeepMind | scientific progress + economic growth
Tim Becker @tjbecker
3K Followers 405 Following AI security R&D at @theori_io, @xint_official. LLM vuln research since 2024. Flag capturer at @PlaidCTF. Cryptography enthusiast.
FFmpeg @FFmpeg
117K Followers 184 Following The universal multimedia toolkit. A diverse, community-driven project; posts are by individuals.
Raluca Ada Popa @ralucaadapopa
7K Followers 178 Following Head of Security and Privacy Research @ Google DeepMind. @UCBerkeley security professor. MIT PhD. Co-founder of @OpaqueSys, @imua & @PreVeil.
Demis Hassabis @demishassabis
1.1M Followers 172 Following Nobel Laureate. Co-Founder & CEO @GoogleDeepMind - working on AGI. Solving disease @IsomorphicLabs. Trying to understand the fundamental nature of reality.
Tim Willis @itswillis
5K Followers 201 Following Long time listener, infrequent tweeter. Head of Exploitation and Offensive Research at Google. Views are my own.
Charles Sutton @RandomlyWalking
17K Followers 1K Following Research scientist @GoogleAI / Previously academic @InfAtEd / Deep learning to help people write code. / @[email protected] / ❤️s:🐱🐶☕️🍕
Heather Adkins - Ꜻ ... @argvee
15K Followers 1K Following VP Security @Google, Co-Author "Building Secure and Reliable Systems" @r00t0wns, Medieval Historian
Mathias Payer @gannimo
8K Followers 383 Following Securitatis inquisitor and professor at @EPFL_en leading the #HexHive 🐝 group, focusing on system/software security. @[email protected] (he/him)
Jordi Mon Companys @JordiMonPMM
827 Followers 2K Following Product | Software Delivery, Langtech and Software Supply Chain Security. Currently working at @elastic on Context, Relevance Search and Vector Embeddings.
Adrian Herrera @0xadr1an
1K Followers 746 Following Security researcher with a penchant for functional programming. Building fuzzers @InterruptLabs. PhD @ANUComputing + @HexHiveEPFL.
🅱️unz Mahoney @Posurrr
160 Followers 823 Following I'm just a Memer, I Meme my life away... $yungposey Big Smoke dawg https://t.co/vq64233X07
Mike D. @mdolan
1K Followers 1K Following You can find me at @[email protected] or @mdolan.bsky.social
Vijay Bolina @vijaybolina
4K Followers 7K Following I build and lead deeply technical teams solving some of the hardest problems in the world. Current: CSO @Stealth, Prev CISO @GoogleDeepMind, @Mandiant, USG.
Loic Guelorget @lguelorget
715 Followers 1K Following Security Engineering Leader | Ex-Google | 'Hope is not a strategy' | Citizen: 🇫🇷🇦🇺🇨🇦 | Currently: 🇬🇧.
Adrian Taylor @adehohum
577 Followers 409 Following Browser security person. C++, Python, Rust, kids, mountain biking, snowboarding & climbing. CA & UK. Opinions my own. @[email protected]
Guido Vranken @GuidoVranken
6K Followers 554 Following
Sebastian Lekies @slekies
3K Followers 422 Following Automated Security Scanning & Vulnerability Management @Google
Stefan Bucur @sbucur
277 Followers 326 Following Staff Software Engineer at Google. Empowering devs to write secure and reliable code. Fuzzing. Program Analysis. Symbolic Execution. Past @EPFL, @Adobe.
Noah Smith 🐇🇺�... @Noahpinion
584K Followers 2K Following Writes about economics, posts about rabbits. For serious opinions/analysis, read my blog: https://t.co/KfUxUlCYPz
Cassandra Unchained @michaeljburry
1.9M Followers 33 Following Official X account for Michael Burry, MD, called "Cassandra" by Warren Buffett. Now on Substack with the full story.
Alex Rebert @ayper
522 Followers 662 Following Security @ Google. Previously co-founder of @ForAllSecure. Opinions here are my own. @[email protected]
web3 is going just gr... @web3isgreat
118K Followers 1 Following tracking only some of the many disasters happening in crypto, defi, NFTs, and other blockchain-based projects since 2021 • created by @molly0xfff
Internal Tech Emails @TechEmails
595K Followers 888 Following Internal tech industry emails that surface in public records. 🔍
Julie Qiu @JQiu25
2K Followers 198 Following
Andrew Pollock @andrewsaysgday
13 Followers 41 Following G'day! I'm a Dad, Software Engineer and extremely time poor. I'm an infrequent user of Twitter.
Hasnain Lakhani @mhlakhani
728 Followers 3K Following I try to learn everything. Views hopefully my own. Nerd (PL, Rust, security, AI, systems, …). Leftist. Covid conscious. AuDHD (probably). YIMBY. Free Palestine.
Thuan Pham @thuanpv_
2K Followers 887 Following Senior Lecturer in Cyber Secutity at @UniMelb & ARC DECRA Fellow. Prev @MonashInfotech & @NUSComputing. (Fuzz) Testing enthusiast. Tweets are my own.
@[email protected] @nickyringland
2K Followers 1K Following Recovering Computational Linguist & Computer Science Educator, now a Product Manager in Big Tech. Founder: @groklearning @GPN_Sydney #SuperstarsofSTEM she/her
Darakian @Hooray_Darakian
31 Followers 29 Following The twitter appendage of https://t.co/qoflAWmAFi See also: @[email protected]
Mihai Maruseac @mihaimaruseac
3K Followers 2K Following Building AGI with security and privacy at @openai. Previously: @google (model-signing, GUAC, @tensorflow), LeapYear (Haskell, ML, DP)
Naveen Srinivasan @Naveen_Srini_
83K Followers 20 Following Software Supply Chain Security | Google Open Source Peer Bonus award 2021,2022, and 2024
Chris Ball @cjbprime
1K Followers 775 Following Senior Principal Security Engineer at @Zoom Offensive Security, personal opinions only. Plays CTF with @SamuraiCTF/@Shellphish. Mastodon: @[email protected]
madison | taladrane@f... @taladrane
449 Followers 661 Following putting the charisma, uniqueness, nerve, and talent back into cybersecurity one day at a time 💃 advisory database curation manager @github. she/her
Amanda Walker @_Amanda_Walker
845 Followers 739 Following Not reading Twitter for the foreseeable future.
Berlin Tech Workers C... @TechWorkersBER
3K Followers 217 Following ✊🏼 Curious about trade unions, Works Councils/Betriebsräte? 📆 Join an event Slide in our DMs for any questions! Bitte folge uns auffällig! 🌎 @TechWorkersCo
Yorkim Parmentier @trIx0r
212 Followers 242 Following Senior TPgM @Google Open Source Security Team. Avid video gamer, amateur hiker, food enthusiast! My opinions are my own. #adhd he/him.You might like
