Craig Young

Craig Young is a computer security researcher with Tripwire's Vulnerability and Exposures Research Team (VERT). He has identified and responsibly disclosed dozens of vulnerabilities in products from Google, Amazon, IBM, NETGEAR, Adobe, HP, Apple, and others. His research has resulted in numerous CVE assignments and repeated recognition in the Google Application Security Hall of Fame. Craig won in track 0 and track 1 of the first ever SOHOpelessly Broken contest at DEF CON 22 by demonstrating 10 0-day flaws in SOHO wireless routers. His research into iOS WiFi problems exposed CVE-2015-3728 that could allow devices to inadvertently connect to malicious hot spots. Craig has also found many bugs by fuzzing a variety of open source software including PHP, Apache, Perl, Ruby, MatrixSSL, and more. In 2017, Craig was involved in the discovery of Bleichenbacher oracles in TLS stacks made by at least nine different vendors including Cisco, Citrix, F5, IBM, and Palo Alto.

Appearing at:

Return of Bleichenbacher's Oracle Threat (ROBOT)