Kevin Backhouse is a security researcher at GitHub Security Lab with eight years of focused experience hunting and exploiting vulnerabilities in open source software. With a DPhil in Computer Science and a strong foundation in mathematics, he blends deep program analysis and exploit development—demonstrated by PoCs for libssh2, D-Bus, polkit and several Ubuntu components—with practical hardening contributions to libraries like Exiv2. His background writing QL queries at Semmle and adding fuzz targets to OSS-Fuzz shows expertise across static analysis, fuzzing, and compiler-level reasoning. Prior roles at Oracle, MathWorks and ARM reflect a long history of systems and compiler engineering, informing his ability to find subtle memory and logic flaws. Colleagues rely on him not only to discover issues but to produce tests and fixes that reduce regressions across large codebases.
8 years of coding experience
13 years of employment as a software developer
DPhil, Computer Science, DPhil, Computer Science at University of Oxford
BA, Mathematics, BA, Mathematics at University of Cambridge
Contributions:20 reviews, 60 commits, 43 PRs in 2 years 8 months
Contributions summary:Kevin's commits focus on identifying and exploiting security vulnerabilities. Their work includes crafting a proof-of-concept (PoC) for a vulnerability in `libssh2/packet.c`, developing an exploit targeting an Apport PID recycling vulnerability to obtain ASLR offsets, and creating a PoC for D-Bus CVE-2020-12049. Additionally, they've contributed exploits related to Ubuntu and SANE backends (CVE-2020-12861) and polkit. Their contributions demonstrate a focus on vulnerability research and exploit development.
Contributions:5 releases, 396 reviews, 659 commits in 3 years 9 months
Contributions summary:Kevin primarily focused on identifying and fixing security vulnerabilities within the Exiv2 image metadata library. The commits reveal that the user was involved in addressing various issues, including buffer overflows, integer overflows, and out-of-bounds reads, specifically targeting image formats like JPEG, PNG, and WebP. The user's contributions included both code fixes and the creation of test cases designed to prevent future regressions. Their work appears to have significantly improved the security and robustness of the library.
exif-metadataexifiptcimage-metadataexif-interface
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.