Romain Gaucher

Security consultant at Cigital

Washington D.C. Metro Area

Current
  • Security consultant at Cigital
Past
  • Computer scientist: software assurance tools at NIST
  • Computer Scientist at GERAD
Education
  • ISIMA
  • Preparatory school
Connections
112 connections
Industry
Computer Software

Romain Gaucher’s Summary

Tool enthusiast:
Experience with source code security analyzers (Fortify, Klocwork, Coverity, FindBugs, etc.) and web application security scanners (IBM/Watchfire AppScan, HP WebInspect, Acunetix, Cenzic, etc.).

Tool developer:
- Grabber web application scanner
- PHP-AST/Oracle source code manipulation framework & analyzer
- Scalp, Apache log security analyzer

Community/Consortium:
- WASC Officer, project leader for the Script Mapping project, contributor to the Web Application Security Scanner Evaluation Criteria (WASSEC), Threat Classification v2, and the WASC Articles section
- OWASP France board member (Evangelist), Top 10 French Translation (part of), AntiSamy Python

Interests:
- Source code security
- Static analysis & metrics
- Web application security

Romain Gaucher’s Specialties:

web application, source code, security, software assurance, static analysis, hybrid tools, penetration testing


Romain Gaucher’s Experience

  • Security consultant

    Cigital

    (Privately Held; Computer Software industry)

    October 2008 - Present (10 months)

    Perform architectural risk analysis, threat modeling, code review (security/quality, automated and/or manual), and penetration testing (web apps, mobile apps, software, ...).

  • Computer scientist: software assurance tools

    NIST

    (Government Agency; Research industry)

    May 2006 - September 2008 (2 years 5 months)

    Co-organizer & Evaluator of the NIST Static Analysis Tool Exposition 2008 (SATE) <http://samate.nist.gov/index.php/SATE>

    Studied the impact of static analysis tools (source code analysis) such as Coverity, Klocwork K7, Fortify SCA, FindBugs, etc.; contributed to the SAMATE Reference Dataset; studied tool behavior on source code variations (creation of the PHP-AST/Oracle project).

    Worked on evaluation methodologies for web application scanners such as Acunetix WVS, Cenzic Hailstorm, Watchfire AppScan, HP WebInspect, etc. (creation of a proof-of-concept minimum-bar web application scanner/hybrid tool: Grabber <http://rgaucher.info/beta/grabber/>).

  • Computer Scientist

    GERAD

    (Research industry)

    April 2005 - September 2005 (6 months)

    Worked on automatic generation of conjectures and theorems of graph theory.

    Developed software in C++/Python (Qt, XML, GiNaC):
    - Database on graph theory information
    - Data-Mining: automatic generation/refutation of conjectures and theorems in graph theory (working with invariants)
    - Automation software for Operational Research heuristics

    Research with Pierre Hansen and Gilles Caporossi, HEC Montreal/GERAD


Romain Gaucher’s Education

  • ISIMA

    Master's / engineering school diploma, Computer Science and Applied Mathematics, 2003 - 2006

  • Preparatory school

    Preparatory school validation, Maths and Physics, 2000 - 2003

    Activities and Societies:
    Mathematics, physics, electronics and mechanics

Additional Information

Romain Gaucher’s Interests:

web security, software assurance, source code scanners, web apps scanners, data-mining, mountain-bike, tennis, rugby, ski, babyfoot


Romain Gaucher’s Contact Settings

Interested In:

  • career opportunities
  • consulting offers
  • new ventures
  • job inquiries
  • expertise requests
  • business deals
  • reference requests
  • getting back in touch

Public profile powered by: LinkedIn
