Joined July 2009
- Tweets 8,972
- Following 1,051
- Followers 2,642
- Likes 1,076
150 Photos and videos
Apr 30
We just published an update to the Chrome VRP. Blog post is at bughunters.google.com/blog/e…. The gist: we are restructuring based on the AI advancements to allow for more automated triage and easier to predict payment amounts.
1
2
11
926
19 Mar 2025
Making inroads into memory safety, one step at a time - developer.chrome.com/blog/me…
3
285
15 Jan 2025
We are looking for an Android security expert to join our team and work on securing Chrome on Andoird. Job posting is available at google.com/about/careers/app…, but also feel free to reach out to me directly.
1
2
388
Nasko Oskov retweeted
1 Nov 2024
2024Q3 update from @googlechrome security: chromium.org/Home/chromium-s…
1
2
386
Nasko Oskov retweeted
28 Aug 2024
📢 Chrome VRP reward updates! 💰 Bigger payouts (up to 5x higher, $250,000 ) and clearer guidelines, all designed to incentivize high-quality Chrome security research. Let's work together to make Chrome even safer! 🔐
bughunters.google.com/blog/5…
40
177
39,365
Nasko Oskov retweeted
5 May 2024
This morning, I read about Satya Nadella’s latest memo, which emphasizes Microsoft’s new priority: security above all. The memo introduces a policy linking senior leadership compensation to the achievement of "security plans and milestones." I see this as a commendable step forward for Microsoft but more will be needed if they are to get back to being a security leader. Some thoughts here: unmitigatedrisk.com/?p=793
4
4
29
5,041
Nasko Oskov retweeted
2 May 2024
Unpopular opinion: companies doing an about-face to focus only on AI while abandoning existing products will regret that decision.
75
152
1,318
124,570
Nasko Oskov retweeted
26 Apr 2024
Here's what we've been doing in @googlechrome security in the first three months of this year: chromium.org/Home/chromium-s…
5
14
2,801
Nasko Oskov retweeted
30 Apr 2024
I published a step by step guide on using Windows event logs to hunt for malware trying to steal sensitive data from browsers e.g. cookies, passwords etc. security.googleblog.com/2024… #DFIR Hope it's useful!
7
177
553
134,303
Nasko Oskov retweeted
4 Apr 2024
Big day for the V8 Sandbox:
* Now included in the Chrome VRP: g.co/chrome/vrp/#v8-sandbox-…
* Motivation & goals discussed in a new technical blog post: v8.dev/blog/sandbox
If there is ever a Sandbox "beta" release, this is it!
2
39
143
21,656
Nasko Oskov retweeted
23 Mar 2024
This is not just distributed systems. Client-side apps suffer from "more features - more failure modes" as well.
At least we don't usually do cascading failures, I guess? ;)
1
7
1,498
Nasko Oskov retweeted
23 Mar 2024
Companies who don't understand the basics of distributed systems don't seem to get the fact that more features = more failure modes (often cascading).
8
39
422
33,397
Nasko Oskov retweeted
9 Feb 2024
The Google Detection Team is expanding in India and Brazil and we're looking for amazing security analysts to help us protect Google and the data that billions of users entrust us with! We're hiring the following roles:
HYD: lnkd.in/gQu__uNg
SAO: lnkd.in/guxdmWDQ
1
9
12
3,937
Nasko Oskov retweeted
9 Feb 2024
I try an avoid this hellsite, but I did a quick dive into sudo in Windows and here are my initial findings. tiraniddo.dev/2024/02/sudo-o…
The main take away is, writing Rust won't save you from logical bugs :)
16
209
478
69,945
Nasko Oskov retweeted
5 Feb 2024
Google has provided a grant of $1M to the Rust Foundation to improve Rust code interop with C codebases. We’re also furthering our commitment to the open-source Rust community by aggregating and publishing audits for Rust crates we use in open-source projects... 1/3
2
28
87
13,853
Nasko Oskov retweeted
25 Jan 2024
A pure-Rust implementation of the X.509 path validation algorithm from @trailofbits blog.trailofbits.com/2024/01…
1
9
26
3,490