Summary
David Moore is a security researcher with nine years of experience finding deep, high-impact vulnerabilities across major platforms and open source projects. He’s a Google VRP Hall of Famer and ranked Bugcrowd researcher with paid bounties and CVEs ranging from XSS and SQL injection to interpreter-level flaws in Ruby MRI and a critical Netflix Dynomite heap overflow. His background spans application and product security roles at Google and Looker, founding fuzzing-focused tooling and research at Fuzz Stati0n, and core contributions to projects like the Linux kernel, Python, and Hadoop. Proficient in languages from C and x86 assembly to Go and Node.js, he combines dynamic analysis and AFL-powered fuzzing to surface bugs missed by other tests. A frequent speaker at security conferences and moderator of the Fuzzing subreddit, he blends practical exploit development with responsible disclosure and community leadership. Based in California, he holds a BA in Computational Mathematics from UC Santa Cruz and is currently working independently as a security researcher.
9 years of coding experience
10 years of employment as a software developer
University of California Santa Cruz