
Security consultant at Cigital
Washington D.C. Metro Area

Tool security enthusiast:
Experience with source code security analyzers (Fortify, Klocwork, Coverity, FindBugs, etc.) and web application security scanners (IBM/Watchfire AppScan, HP WebInspect, Acunetix, Cenzic, etc.).
Tool developer:
- Grabber web application scanner
- PHP-AST/Oracle source code manipulation framework & analyzer
- Scalp, Apache log security analyzer
Community/Consortium:
- OWASP France board member (Evangelist), Top 10 French Translation (part of)
- WASC Officer, project leader for Script Mapping project, contributor for the Web application security scanner evaluation criteria
Interests:
- Source code security
- Static analysis & metrics
- Web application security
- Tooling technologies...
web application/source code security, software assurance, static analysis, hybrid tools
(Privately Held; 51-200 employees; Computer Software industry)
October 2008 — Present (3 months)
(Government Agency; 1001-5000 employees; Research industry)
May 2006 — September 2008 (2 years 5 months)
Co-organizer & Evaluator of the NIST Static Analysis Tool Exposition 2008 (SATE): http://samate.nist.gov/index.php/SATE
Studied the impact of static analysis tools (source code analysis) such as Coverity, Klocwork K7, Fortify SCA, etc.; contributed to the SAMATE Reference Dataset; studied tool behavior on source code variations (creation of the PHP-AST/Oracle project).
Worked on evaluation methodologies for web application scanners such as Acunetix WVS, Cenzic Hailstorm, Watchfire AppScan, HP WebInspect, Paros Proxy, etc. (creation of a proof-of-concept minimum-bar web application scanner/hybrid tool: Grabber).
(Educational Institution; 201-500 employees; Research industry)
April 2005 — September 2005 (6 months)
I worked on automatic generation of conjectures and theorems for graph theory. I developed software in C++ (Qt, XML):
- database on graph theory information
- Data-Mining: automatic generation/refutation of conjectures and theorems in graph theory (working with invariants)
- automation software for Operational Research heuristics
- Data-Mining: generation of a dissimilarity matrix
Research with Pierre Hansen and Gilles Caporossi, HEC Montreal/GERAD
Master's/engineering school diploma, Computer Science and Applied Mathematics, 2003 — 2006
preparatory school validation, Maths and Physics, 2000 — 2003
web security, software assurance, source code scanners, web apps scanners, data-mining, mountain-bike, tennis, rugby, ski, babyfoot
Guest Researcher Association, WASC, WASC/Script Mapping, WASC, ISIMA