Jesse Ruderman
Mountain View, California
jruderman@gmail.com
(310) 293-4650
- Languages
- My favorites are SML, Python, and JavaScript. I'm also comfortable with C++, HTML, CSS, DOM, and Mozilla's XPCOM.
- Mozilla project
- Fuzz testing
- My fuzz-testing tools found over 2000 bugs in Firefox's JavaScript and layout engines, including 250 exploitable memory safety bugs. Andreas Gal swears he will never again write a compiler without fuzz-testing it.
- Security
- I found many types of security holes by thinking about interactions coders might have overlooked. My white-box finds include layout history key collision and subverting assignment with setters. My black-box finds include document.write XSS race and subverting the meaning of a dialog.
- Usability
- I made many suggestions for user interface design, along with arguments based on UI heuristics and observations. I wrote the patch that made link modifiers work consistently throughout Firefox.
- Security ∩ Usability
- In numerous places where security and usability appeared to be in conflict, I found solutions that compromised neither. But I also discovered race conditions in security UI, a subtle class of vulnerabilities where we're still trying to find that balance.
- Mozilla project employers
| Netscape Communications | 2001 (summer internship) | Mozilla: security |
| Netscape Communications | 2002 (summer internship) | Mozilla: accessibility |
| IBM Browser Technology Center | 2004 (summer internship) | Mozilla: kiosks |
| Mozilla Corporation | 2005 to 2009+ | Mozilla: security & fuzzing |
Personal projects
- Bookmarklets
- Created over a hundred bookmarklets, small JavaScript programs that automate web browsing and web development tasks. My bookmarklets have appeared in PC Magazine, the New York Times, and Google: The Missing Manual.
- Firefox extensions
- My extensions include Search Keys, with 2000 active daily users, and Thumbs, with 9000 active daily users (May 12, 2009).
- Lithium
- My testcase-reduction tool is widely used within the Mozilla community. Invaluable for fuzzing, it can reduce a crash testcase in O(reduced size * log(original size)) trials.
Education
- Harvey Mudd College (2000-2004)
- 3.757 GPA in Computer Science major, 3.538 GPA overall. Took many classes in Psychology, Math, and Economics.
- UCSD Computer Science Ph.D. program (2004-2005)
- After a year of grad school, I decided it wasn't for me, and left without an advanced degree. But while writing my final paper for graduate Algorithms, I discovered a flaw in Advogato's trust metric.