Andrea Fioraldi

Senior Vulnerability Researcher at Apple

Paris, Ile-de-France
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Andrea Fioraldi is a Senior Vulnerability Researcher with a decade of hands-on experience building and improving fuzzing tooling, currently at Apple after completing a PhD in security at EURECOM. He is a core contributor to AFL++ and has integrated advanced features like CmpLog and QEMU persistent mode, as well as adapted AFL++ for large-scale benchmarking in Google’s FuzzBench. Based in Paris, he blends deep research rigour with pragmatic engineering—tuning Docker-based pipelines, coverage modes, and mutators to find real-world bugs such as assertion failures and null pointer dereferences. Notably, his work spans both academic publications and high-impact open-source engineering, demonstrating an unusual mix of formal security scholarship and production-grade DevOps savvy.
code10 years of coding experience
job1 year of employment as a software developer
bookMaster Degree, Engineering in Computer Science, Master Degree, Engineering in Computer Science at Sapienza Università di Roma
bookDoctor of Philosophy - PhD, Computer and Information Systems Security/Information Assurance, Doctor of Philosophy - PhD, Computer and Information Systems Security/Information Assurance at EURECOM
bookDiploma, Liceo scientifico, 100, Diploma, Liceo scientifico, 100 at Liceo Scientifico G.B. Grassi Latina
stackoverflow-logo

Stackoverflow

Stats
98reputation
5kreached
5answers
3questions
github-logo-circle

Github Skills (20)

docker10
c-language10
qemu10
instrumentation10
dockers10
fuzzing10
cprogramming-language10
assembly9
benchmark9
cicd9
benchmarking9
devops9
security8
libfuzzer8
python7

Programming languages (16)

C#JavaC++CSSRustCMakefileTeX

Github contributions (5)

github-logo-circle
AFLplusplus/AFLplusplus

Jun 2019 - Oct 2022

The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Role in this project:
userBack-end Developer
Contributions:17 reviews, 555 commits, 80 PRs in 3 years 4 months
Contributions summary:Andrea contributed to the QEMU-based fuzzing framework by implementing and enhancing features related to CompareCoverage (CmpLog), which involved changes to the instrumentation of memory comparisons. The user also worked on improving the stability and functionality of the fuzzing process, and integrating with LibFuzzer. Additionally, they implemented a new persistent mode for QEMU and made improvements on a more complex system that interacts with CmpLog and the new features.
fuzz-testingschedulesmutatorsunicorn-emulatorunicorn-mode
google/fuzzbench

Mar 2020 - Jan 2023

FuzzBench - Fuzzer benchmarking as a service.
Role in this project:
userBackend & DevOps Engineer
Contributions:11 reviews, 40 commits, 44 PRs in 2 years 10 months
Contributions summary:Andrea primarily contributed to the AFL++ fuzzer within the fuzzbench framework. Their work included modifying Dockerfiles and fuzzer configurations to integrate new features and address compatibility issues with the AFL++ build process. They made changes to adapt the fuzzer for different coverage modes and features, and they introduced new fuzzer variants by modifying existing configurations. Furthermore, the user was involved in removing and integrating specific functionalities like "dislocator" and configuring CmpLog mode.
benchmarkingsecurityevaluationfuzzingbenchmark-framework
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Andrea Fioraldi - Senior Vulnerability Researcher at Apple