Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All
I spoke at Black Hat about the work I've been performing as the first ever Dan Kaminsky Fellow.
Jonathan Leitschuh
United States
Jonathan Leitschuh is a Security Software Engineer and Security Researcher, and is currently the first ever Dan Kaminsky Fellow. Jonathan is best known for the July 2019 Zoom Video Conferencing 0-Day Vulnerability. He also championed an industry-wide initiative to formally decommission the support of HTTP in favor of HTTPS only support by major artifact servers in the JVM ecosystem. He has a degree in Robotics and Computer Science from Worcester Polytechnic Institute. His security research focuses on widespread-common security vulnerabilities impacting OSS. He enjoys finding security vulnerabilities in OSS in as well as contributing to the GitHub Security Lab Bug Bounty Program. He's a strong proponent for security researchers having and enforcing vulnerability disclosure policies. He has spoken at conferences ranging from BSides, to Black Hat and DEF CON! In his free time, Jonathan sails his Hobie Getaway Catamaran in Boston Harbor.
Community Contributions
We Have the Tech to Scale Up Open Source Vulnerability Fixes — Now It's Time to Leverage It
Q&A with Jonathan Leitschuh, inaugural HUMAN Dan Kaminsky Fellow, in advance of his upcoming Black Hat USA presentation.
Spotlight on First Dan Kaminsky Fellow: Jonathan Leitschuh
HUMAN Security honors its late co-founder, Dan Kaminsky, with a fellowship to fund smart and passionate cybersecurity advocates to do open source work for common good.
Research Shows Over 100,000 Libraries Affected By Maven Vulnerability CVE-2021-26291
I disclosed CVE-2021-26291, a vulnerability in the Java build tool Apache Maven. The vulnerability affects over 100,000 libraries in Maven Central.
[Live Stream] CodeQL Code Scanning Language Tutorial
Recording of my live streamed walkthrough of the CodeQL Code Scanning Tutorial
[Live Stream] CodeQL Code Scanning Language Tutorial
I did a live stream providing an introduction to the CodeQL programing language. This provided a guided walk-through of the CodeQL tutorial.
How to Hold a Virtual Memorial Service
Was interviewed by Steven Birenbaum for the NYT regarding the security of Zoom for holding virtual funerals, as well as my own experience holding a Zoom funeral for my mother in May of 2020.
CNAs and CVEs – Can allowing vendors to assign their own vulnerability IDs actually hinder security?
I was interviewed by PortSwigger for my comments and experience working with CNAs around issuing CVE numbers for security vulnerabilities.
