Jesse Ruderman: Resume

Jesse Ruderman

Skills

Programming in Rust, C++, Python, SML, PDXscript
Building web pages with HTML, CSS, JavaScript
Designing automated tests for scripting engines

Mozilla & Firefox (2000-2016)

Fuzz testing

My fuzz-testing tools found over 2000 bugs in Firefox's JavaScript and layout engines, including 250 exploitable memory safety bugs. Andreas Gal swears he will never again write a compiler without fuzz-testing it.

Security

I found many types of security holes by thinking about interactions coders might have overlooked. My white-box finds include layout history key collision and subverting assignment with setters. My black-box finds include a document.write XSS race and subverting the meaning of a dialog.

Usability

I made many suggestions for user interface design, along with arguments based on UI heuristics and observations. I wrote the patch that made ⌘-click on links work consistently throughout Firefox.

Security ∩ Usability

In numerous places where security and usability appeared to be in conflict, I found solutions that compromised neither. But I also discovered race conditions in security UI, a subtle class of vulnerabilities for which Mozilla is still trying to find that balance.

Positions

2005–2016	Mozilla Corporation	Firefox security & fuzz testing
2004	IBM Browser Technology Center	Firefox kiosk mode (intern)
2002	Netscape Communications	Firefox accessibility (intern)
2001	Netscape Communications	Firefox security (intern)
2000–	Mozilla open-source volunteer	Firefox bug triage & testcase reduction

Other Projects

Bookmarklets: Created over a hundred bookmarklets, small JavaScript programs that automate web browsing and web development tasks. My bookmarklets have appeared in the New York Times and in Google: The Missing Manual.
Lithium: My testcase-reduction tool is widely used within the Mozilla community. Invaluable for fuzz-testing, it can reduce a crash testcase in O(reduced size ⋅ log(original size)) trials.

Education

Harvey Mudd College Computer Science (2000–2004): 3.8 major GPA, 3.5 overall GPA. Took many classes in Psychology, Math, and Economics.
UCSD Computer Science (graduate-level coursework, 2004–2005): While writing my final paper for an Algorithms course, I discovered a flaw in Advogato's trust metric.