Jesse Ruderman

jruderman@gmail.com | +1 310 293 4650

Skills

Mozilla & Firefox (2000–2016)

Fuzz testing
My fuzz-testing tools found over 2000 bugs in Firefox's JavaScript and layout engines, including 250 exploitable memory safety bugs. Andreas Gal swears he will never again write a compiler without fuzz-testing it.
Security
I found many types of security holes by thinking about interactions coders might have overlooked. My white-box finds include layout history key collision and subverting assignment with setters. My black-box finds include a document.write XSS race and subverting the meaning of a dialog.
Usability
I made many suggestions for user interface design, along with arguments based on UI heuristics and observations. I wrote the patch that made ⌘-click on links work consistently throughout Firefox.
Security ∩ Usability
In numerous places where security and usability appeared to be in conflict, I found solutions that compromised neither. But I also discovered race conditions in security UI, a subtle class of vulnerabilities for which Mozilla is still trying to find that balance.
Positions
2005–2016 | Mozilla Corporation | Firefox security & fuzz testing
2004 | IBM Browser Technology Center | Firefox kiosk mode (intern)
2002 | Netscape Communications | Firefox accessibility (intern)
2001 | | Firefox security (intern)
2000– | Mozilla open-source volunteer | Firefox bug triage & testcase reduction

Other Projects

Bookmarklets
Created over a hundred bookmarklets, small JavaScript programs that automate web browsing and web development tasks. My bookmarklets have appeared in the New York Times and in Google: The Missing Manual.
Lithium
My testcase-reduction tool is widely used within the Mozilla community. Invaluable for fuzz-testing, it can reduce a crash testcase in O(reduced size ⋅ log(original size)) trials.

Education

Harvey Mudd College Computer Science (2000–2004)
3.8 major GPA, 3.5 overall GPA. Took many classes in Psychology, Math, and Economics.
UCSD Computer Science (graduate-level coursework, 2004–2005)
While writing my final paper for an Algorithms course, I discovered a flaw in Advogato's trust metric.