Romain Gaucher

Security Research, Program Analysis, Security Testing

Contact: http://rgaucher.info
Other: LinkedIn, @rgaucher, GitHub

Work Experience


Senior Manager and Lead Researcher, Security Research Lab

Dec. 2011 - present, Synopsys SIG, Paris, France (prev. San Francisco, US).

Lead Security Researcher and Manager until Sept. 2015
Senior Security Researcher until Sept. 2012

As Senior Manager and Lead Security Researcher, Romain leads security research across products such as Coverity, Seeker, and Defensics (the Codenomicon fuzzer). The lab's main directive is to identify novel approaches to automatically detecting security issues in applications. Romain's team is responsible for the prototyping, specifications, and research behind all security-related analysis in Coverity, and contributes to other products.

In Products:
Research:

Senior Software Security Consultant

Nov. 2008 - Nov. 2011, Cigital Inc., Washington DC Area, US.

Security consultant until August 2010

As a Senior Consultant, Romain led the development of the security assessment lab within Cigital (now a significant share of Cigital's revenue). With the assessment lab operational, Romain provides technical and research leadership to security analysts by taking on the following roles:

Romain worked on projects covering the entire spectrum of software security testing, including:

Romain also authored security knowledge standards such as attack patterns (CAPEC), and co-authored the Software Assurance Findings Expression Schema (SAFES).

Computer Security Scientist

May 2006 - Sept. 2008, NIST, Washington DC Area, US.


Studied the impact of static analysis tools (source code analysis) such as Coverity, Klocwork K7, Fortify SCA, etc.; contributed to the SAMATE Reference Dataset; studied tool behavior on source code variations (creation of a PHP source manipulation and metrics computation tool, PHP-Ast/Oracle).
Worked on evaluation methodologies for web application scanners such as Acunetix WVS, Cenzic Hailstorm, Watchfire AppScan, HP WebInspect, Paros proxy, etc. (creation of a proof-of-concept minimum-bar web application scanner / hybrid tool, Grabber).
Co-organized the NIST Static Analysis Tool Exposition (SATE) 2008.
Developed various websites, including the SAMATE Reference Dataset and SATE 2008 sites.

Data-Mining and Computer Scientist

April 2005 - Sept. 2005, GERAD, Montreal, Canada.


I worked on automatic generation of conjectures and theorems for graph theory. I developed software in C++ with Qt and XML: "database on graph theory information", "automatic generation/refutation of conjectures and theorems", and "generation of a dissimilarity matrix".
I did this internship under the direction of Pierre Hansen and Gilles Caporossi from the Group for Research in Decision Analysis (GERAD), HEC, Montréal, Québec, Canada.

Community Projects

Papers and Talks

General Computer skills

Education

Languages