Andrea Fioraldi is a Senior Vulnerability Researcher with a decade of hands-on experience building and improving fuzzing tooling, currently at Apple after completing a PhD in security at EURECOM. He is a core contributor to AFL++ and has integrated advanced features like CmpLog and QEMU persistent mode, as well as adapted AFL++ for large-scale benchmarking in Google’s FuzzBench. Based in Paris, he blends deep research rigour with pragmatic engineering—tuning Docker-based pipelines, coverage modes, and mutators to find real-world bugs such as assertion failures and null pointer dereferences. Notably, his work spans both academic publications and high-impact open-source engineering, demonstrating an unusual mix of formal security scholarship and production-grade DevOps savvy.
10 years of coding experience
1 year of employment as a software developer
Master Degree, Engineering in Computer Science, Master Degree, Engineering in Computer Science at Sapienza Università di Roma
Doctor of Philosophy - PhD, Computer and Information Systems Security/Information Assurance, Doctor of Philosophy - PhD, Computer and Information Systems Security/Information Assurance at EURECOM
Diploma, Liceo scientifico, 100, Diploma, Liceo scientifico, 100 at Liceo Scientifico G.B. Grassi Latina
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Role in this project:
Back-end Developer
Contributions:17 reviews, 555 commits, 80 PRs in 3 years 4 months
Contributions summary:Andrea contributed to the QEMU-based fuzzing framework by implementing and enhancing features related to CompareCoverage (CmpLog), which involved changes to the instrumentation of memory comparisons. The user also worked on improving the stability and functionality of the fuzzing process, and integrating with LibFuzzer. Additionally, they implemented a new persistent mode for QEMU and made improvements on a more complex system that interacts with CmpLog and the new features.
Contributions:11 reviews, 40 commits, 44 PRs in 2 years 10 months
Contributions summary:Andrea primarily contributed to the AFL++ fuzzer within the fuzzbench framework. Their work included modifying Dockerfiles and fuzzer configurations to integrate new features and address compatibility issues with the AFL++ build process. They made changes to adapt the fuzzer for different coverage modes and features, and they introduced new fuzzer variants by modifying existing configurations. Furthermore, the user was involved in removing and integrating specific functionalities like "dislocator" and configuring CmpLog mode.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Andrea Fioraldi - Senior Vulnerability Researcher at Apple