May 2006 onward, Computer Security Scientist at NIST
Study the impact of static analysis tools (source code analysis) such as Coverity, Klocwork K7, Fortify SCA, etc., contribute to the SAMATE Reference Dataset, study tool behavior on source code variations (creation of PHP-Ast/Oracle).
Work on evaluation methodologies for Web Application Scanners such as Acunetix WVS, Cenzic Hailstorm, Watchfire AppScan, HP WebInspect, Paros Proxy, etc. (creation of a proof-of-concept minimum-bar web application scanner/hybrid tool: Grabber).
Co-organizing the NIST Static Analysis Tool Exposition 2008.
Development of various websites: SAMATE Reference Dataset, SATE 2008's website.
Expertise: Web Applications Security, Source Code Security, Static Analysis Tools, Web Apps Scanners, C, C++, Python, PHP, MySQL
April 2005 - Sept. 2005, Data-Mining/Computer Scientist
I worked on automatic generation of conjectures and theorems for graph theory. I developed software in C++ with Qt and XML: "database of graph theory information", "automatic generation/refutation of conjectures and theorems" and "generation of a dissimilarity matrix".
I did this internship under the direction of Pierre Hansen and Gilles Caporossi from the Group for Research in Decision Analysis (GERAD), HEC, Montréal, Québec, Canada.
R. Gaucher, "SATE 2008: Automated Evaluation", Presentation, PLDI 2008, Static Analysis Workshop, June 12, 2008, Tucson, AZ, USA.
R. Gaucher, "Web Application Security Scanners: Problems and Solutions for testing the tools", Presentation, DHS Software Assurance Working Groups Session, Jan 31, 2008, Virginia, USA.
R. Gaucher and E. Dalci, "Web Application Security Scanners: Building a test suite for the tools", Presentation, HICSS-41 Conference (IEEE), Jan 6, 2008, Hawaii, USA.
E. Fong, R. Gaucher, V. Okun, E. Dalci and P. Black, "Building a Test Suite for Web Application Scanners", in Proceedings of HICSS-41 Conference (IEEE), Jan 7-10, 2008, Hawaii, USA.
E. Fong and R. Gaucher, "Testing web application scanner tools", Presentation, Verify Conference 2007, Oct 30, 2007, USA.
V. Okun, W. Guthrie, R. Gaucher and P. Black, "Effect of Static Analysis Tools on Software Security: Preliminary Investigation", in Proceedings of the 3rd International Workshop on Quality of Protection (QoP 2007), Oct 29, 2007, Alexandria VA, USA.
P. Black, E. Fong, V. Okun and R. Gaucher, "Software Assurance Tools: Web Application Security Scanner, Functional Specification Version 1.0", NIST Special Publication 500-269, Aug. 29, 2007, USA.
M. Koo, R. Gaucher and V. Okun, "Source Code Security Analysis Tool: Test Plan", NIST Special Publication 500-270, March 9, 2007, USA.
Education
2003-2006: Graduated from ISIMA (Master's degree) graduate school. Specialty in modelling and applied mathematics. Clermont-Ferrand, France (ISIMA Website)
2000-2003: Classes préparatoires (specific advanced classes: maths, physics and electronics) at Troyes, France.
2000: Baccalauréat in electronics at Troyes, France
Apps Security: Using tools such as Fortify SCA, Klocwork K7, FindBugs... Knowledge of static analysis techniques (control-flow/data-flow analysis), language parsing, etc.
Software: CPLEX, GLPK, CHIP, Matlab, Microsoft Visual Studio, The SAS System.
Others: Operational Research, Data-Mining, Finite Element Methods, Trolltech Qt (3.3 and 4.x), Parallelism (OpenMP and MPI), OpenGL programming, Constraint programming, Simulation, Modelling and Mathematics.
School projects history
Third year project: "A least squares clusterwise regression heuristic using Variable Neighbourhood Search (VNS)"
We have to improve the robustness and the efficiency of this model. We are using C++, Java and Python for some tests and implementations of data-mining algorithms and meta-heuristics.
You can download the project sources (full C++): clusterwise-VNS. This project comes from a collaboration with Pierre Hansen and Gilles Caporossi from the GERAD.
Second year project: Building a modeller for linear programming problems. It calls the ILOG CPLEX solver or the GNU equivalent solver, GLPK. This project uses C++ and has a binding in Python (with Boost).
The current "Modelib" implementation supports LP and MPS format.
This project is not active anymore, but can be found here: http://rgaucher.info/modelib (French comments etc.)
First year project: 3D simulation of a space explorer. Made in C++ with OpenGL, this simulator works by loading XML space information and planet definitions and rendering them in full 3D.
Sports: Rugby (Used to be a member of the ISIMA team), Squash, Tennis, Mountain-bike.
References
Professor at HEC Montréal. Holder of the Data Mining Chair at HEC Montréal. Member of the Group for Research in Decision Analysis (GERAD).
Mr. Hansen Pierre.Hansen _AT_ hec _DOT_ ca + 514 340 6486
HEC Montréal, 3000, Chemin de la Côte-Sainte-Catherine, H3T 2A7 Montréal (Québec), Canada.
Professor at ISIMA Clermont-Ferrand. In charge of speciality: Development, Optimization and Graph Theory
Mr. Duhamel Christophe.Duhamel _AT_ isima _DOT_ fr +33 473 405 037
ISIMA, Campus Universitaire des Cézeaux, BP 125 63173 AUBIERE Cedex, France.