János Folláth is a Staff Software Engineer based in Cambridge with over a decade of experience building secure, high-performance systems at Arm. He combines deep academic training — a PhD in Digital Communication and a Master's in Computer Science — with practical cryptography and systems work dating back to university research and lecturing. At Arm he focuses on backend and security engineering, bringing a specialist's attention to cryptographic correctness and optimization. His open-source contributions to the widely used mbedtls project include hardening RSA routines, adding certificate validation tests, and fixing certificate chain verification bugs, showing a knack for finding subtle vulnerabilities. Previously he designed new Gaussian samplers and lattice-reduction algorithms in C++, reflecting an uncommon blend of theoretical cryptography and production engineering. Colleagues rely on him for rigor, quietly improving security-critical code paths that most users never see.
10 years of coding experience
3 years of employment as a software developer
Master's degree, Computer Science, Master's degree, Computer Science at University of Debrecen
An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
Role in this project:
Back-end & Security Engineer
Contributions:14 releases, 836 reviews, 1175 commits in 7 years
Contributions summary:János primarily contributed to the security and optimization of the RSA encryption and decryption routines. Their contributions involved implementing tests for overflow and underflow conditions within the RSA algorithms, with specific focus on the library/rsa.c source file. Furthermore, the user added tests for certificate validation, specifically addressing scenarios with potential security vulnerabilities in X509 certificate handling, by creating tests for silently dropping trailing extra bytes in .der certificates. The user also added new test suites for signature algorithm extensions and fixed a bug that prevented valid certificates from being verified due to an issue with the certificate chain.
An open source, portable, easy to use, readable and flexible SSL library
Contributions:1 release, 13 PRs, 270 pushes in 9 years 3 months
xmakesslreadableperl5ssl-library
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.