Gary Kwong

I'm currently a Principal at yGit Software.

Built and deployed funfuzz running 24/7 on Windows / Linux / macOS locally, in the Amazon EC2 AWS Cloud, on x86 / x86-64 / ARM64 architectures; collated information from testcases including: stacktraces via gdb, reverse debugger traces via rr, rr trace submission via pernosco, Git/Mercurial revision, compilation information, runtime flags into the bug report; worked with developers to ensure the bugs’ reproduction on machines for debugging. • Managed funfuzz, 10K+ public Python project on GitHub, while interacting with FuzzManager to identify SpiderMonkey security bugs, Mozilla’s JavaScript engine. • Reduced several thousand-line (security-sensitive) JavaScript and WebAssembly (wasm) testcases to minimal forms using a line-based reducer, Lithium. • Produced Autobisectjs, Python code aiming to bisect test cases back in time to identify when the issue first occurred or when the bug first surfaced. This also worked for identifying when an issue got fixed or got hidden by another patch. • Reported >2,6K SpiderMonkey bugs via fuzzing, and >3,5K total across all Mozilla products. • Reported 19 bugs in Google V8 JS Engine, and 4 bugs in Microsoft ChakraCore Engine.

Managed fuzzer maintenance (jsfunfuzz / compare_jit) and assisted in its development; facilitated group discussions on Eastern / Western cultural working differences; organized localization and open source community events in East Asia/Southeast Asia. • Created fuzzers: randorderfuzz and funbind – WebAssembly. • Migrated funfuzz, comprising several thousand lines of code in production, over to Python 3.6. • Created Windows support for FuzzManager, a centralized tool for fuzzbugs. • Created a JavaScript binary build catching system on Amazon S3 to save on computer processing time.