Abhishek Arya
Principal Engineer and Head, Google Open-Source Security Team
Abhishek Arya is a Principal Engineer and head of the Google Open-Source Security Team. His team has been a key contributor to various security engineering efforts inside the Open-Source Security Foundation (OpenSSF). This includes the Fuzzing Tools (Fuzz-Introspector), Supply Chain Security Framework (SLSA, Sigstore), Security Risk Measurement Platform (Scorecards, AllStar), Vulnerability Management Solution (OSV) and Package Analysis project. Prior to this, he was a founding member of the Google Chrome Security Team and built OSS-Fuzz, a highly scaled and automated fuzzing infrastructure that fuzzes all of Google and Open Source. His team also maintains FuzzBench, a free fuzzer benchmarking service that helps the community rigorously evaluate fuzzing research and make it easier to adopt.
David Brumley
CEO and Co-Founder, ForAllSecure and Full Professor, Carnegie Mellon University
Dr. David Brumley is CEO and co-founder of ForAllSecure and a full professor at Carnegie Mellon University. His accomplishments include winning the DARPA Cyber Grand Challenge, a United States Presidential Early Career Award for Scientists and Engineers (PECASE) from President Obama, a Sloan Foundation award, a Carnegie Science Award, several patents, numerous academic papers, a DEFCON black badge, and mentoring one of the most competitive hacking teams in the world.
Deirdre Connolly
Cryptographic Engineer, Zcash Foundation
Deirdre Connolly is a cryptographic engineer at the Zcash Foundation. She works on secure implementations of cryptographic software with an eye on privacy applications, misuse resistance, and quantum adversaries. She obtained her BS from MIT in 2009.
Alex Gaynor
Deputy Chief Technologist for Security, Federal Trade Commission
Alex currently serves as Deputy Chief Technologist for Security at the Federal Trade Commission. Prior to that, he was at the United States Digital Service. He previously worked at Alloy and Mozilla, and served an earlier stint at the United States Digital Service. Alex has a long history of involvement in the open-source community. He’s a core developer of the Python Cryptographic Authority and has previously served as a member of the board of directors of both the Python and Django Software Foundations. Alex lives in Washington, DC, and likes delis and bagels.
Royal Hansen
Vice President of Privacy, Safety, and Security, Google
Royal Hansen is Vice President of Privacy, Safety & Security at Google, where he is responsible for driving strategy and implementation in these areas across the company’s technical infrastructure and product lines. There, he was responsible for solutions protecting the security and integrity of the company’s technology systems and the customer, business, and employee information they processed. Before American Express, Royal served as both the Managing Director, Technology Risk and the Global Head of Application Security, Data Risk and Business Continuity Planning at Goldman Sachs. Royal was also previously at Morgan Stanley and Fidelity Investments, where he managed Enterprise IT Risk, Application Security and Disaster Recovery. Royal began his career as a software developer for Sapient before building a cyber-security practice in the financial services industry at @stake, which was acquired by Symantec. Royal holds a BA in Computer Science from Yale University. He was awarded a Fulbright Fellowship in information sciences and Arabic language study, which he completed at the United Arab Emirates University.
Sumana Harihareswara
Project Manager, Programmer, and Trainer, Python Software Foundation’s Packaging Working Group and Founder, Changeset Consulting
Sumana Harihareswara is a project manager, programmer, and trainer who leads a consultancy working with open-source software projects and maintainers. She led the rollout of the next-generation PyPI.org and pip resolver, and has worked on HTTPS Everywhere, Autoconf, Mailman, MediaWiki, and several other open-source projects across industry, academia, nonprofits, and volunteer settings. She works with the Secure Systems Lab at New York University on securing the software supply chain in Python and is a member of the Python Software Foundation’s Packaging Working Group. She is writing a book on rejuvenating and managing legacy open source projects and teaches workshops in maintainership skills. She earned an Open-Source Citizen Award in 2011 and a Google Open Source Peer Bonus in 2018. She lives in New York City and founded Changeset Consulting in 2015.
Angelos Keromytis
Professor, John H. Weitnauer Technology Transition Endowed Chair, and Georgia Research Alliance (GRA) Eminent Scholar, Georgia Institute of Technology
Dr. Angelos Keromytis is Professor, John H. Weitnauer Technology Transition Endowed Chair, and Georgia Research Alliance (GRA) Eminent Scholar at the Georgia Institute of Technology. He is an ACM and IEEE Fellow, and President of Voreas Laboratories Inc and Aether Argus Inc, two Georgia Tech technology spinoffs. He has served as Program Director with the National Science Foundation and Program Manager at DARPA. His field of research is systems and network security, and applied cryptography.
Mathias Payer
Associate Professor, École Polytechnique Fédérale de Lausanne (EPFL)
Mathias Payer is a security researcher and associate professor at EPFL, leading the HexHive group. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. He is interested in software security, system security, binary exploitation, effective mitigations, fault isolation/privilege separation, strong sanitization, and software testing (fuzzing) using a combination of binary analysis and compiler-based techniques.
Eric Rescorla
Chief Technology Officer, Firefox at Mozilla
Eric Rescorla is Chief Technology Officer, Firefox at Mozilla, where he is responsible for setting the overall technical strategy for the Firefox browser. He has contributed extensively to many of the core security protocols used in the Internet, including TLS, DTLS, WebRTC, ACME, and QUIC. He was editor of TLS 1.3, which secures over 50% of websites. In order to remove barriers to encryption on the web, he co-founded Let’s Encrypt, a free and automated certificate authority that now issues more than a million certificates a day, and helped HTTPS grow from around 30% of the web to over 80%. Previously, he served on the California Secretary of State’s Top To Bottom Review where he was part of a team that found severe vulnerabilities in multiple electronic voting devices.
Nikhil Swamy
Senior Principal Researcher, Microsoft Research
Nikhil is a Senior Principal Researcher at Microsoft Research (MSR) at its headquarters in Redmond, USA, where he has worked since 2008. His expertise is in programming language design and semantics, formal verification, and software security. He is perhaps best known for his work on F*, a proof-oriented programming language. Verified cryptographic algorithms, communication protocols, blockchain components, and network virtualization software produced in F* are deployed in the Linux kernel, in Windows, in the Microsoft Azure cloud, in the Firefox web browser, and several other industrial software components, improving computer security and reliability for billions of users every day.
David Wheeler
Director of Open-Source Supply Chain Security, The Linux Foundation
Dr. David A. Wheeler is an expert on open-source software (OSS) and on developing secure software. His works on developing secure software include “Secure Programming HOWTO”, the Open-Source Security Foundation (OpenSSF) Secure Software Development Fundamentals Courses, and “Fully Countering Trusting Trust through Diverse Double-Compiling (DDC)”. He also helped develop the 2009 U.S. Department of Defense (DoD) policy on OSS. David A. Wheeler is the Director of Open-Source Supply Chain Security at the Linux Foundation and teaches a graduate course in developing secure software at George Mason University (GMU). Dr. Wheeler has a PhD in Information Technology, a Master’s in Computer Science, a certificate in Information Security, a certificate in Software Engineering, and a B.S. in Electronics Engineering, all from George Mason University (GMU). He is a Certified Information Systems Security Professional (CISSP) and Senior Member of the Institute of Electrical and Electronics Engineers (IEEE). He lives in Northern Virginia.
Laurie Williams
Distinguished University Professor, Computer Science Department, North Carolina State University
Laurie Williams is a Distinguished University Professor in the Computer Science Department at North Carolina State University (NCSU). Laurie is a co-director of the NCSU Secure Computing Institute, the NCSU Science of Security Lablet, and the North Carolina Partnership for Cybersecurity Excellence (NC-PaCE). Laurie’s research focuses on software security; agile software development practices and processes, particularly continuous deployment; and software reliability, software testing and analysis. Laurie is an IEEE Fellow and an ACM Fellow. Laurie received her Ph.D. in Computer Science from the University of Utah, her MBA from Duke University Fuqua School of Business, and her BS in Industrial Engineering from Lehigh University. She worked for IBM Corporation for nine years in Raleigh, NC and Research Triangle Park, NC before returning to academia.