Kurt Boberg

Staff Security Researcher at r2c

United States
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Kurt Boberg is a Staff Security Researcher with a focused track record in secure code review, open-source vulnerability discovery, and automating security processes, currently advancing Semgrep's detection capabilities at r2c. He has responsibly disclosed multiple notable CVEs involving deserialization and XML external entity issues across popular projects like Jenkins, Apache PDFBox, and YamlDotNet, demonstrating hands-on exploit-to-patch expertise. Prior roles at Chegg and DocuSign saw him grow from software engineer into lead application security positions, blending development fluency with threat modeling and remediation. An active contributor to the semgrep-rules community and tools like ysoserial.net, he improves rule accuracy across many languages to prevent injection and deserialization flaws at scale. With an MS in Computational Science and a BA in Mathematics, he pairs rigorous analytical training with practical offensive and defensive security research.
code4 years of coding experience
job8 years of employment as a software developer
bookBachelor of Arts (B.A.), Mathematics, Bachelor of Arts (B.A.), Mathematics at University of Washington
bookMaster of Science (M.S.), Computational Science, Master of Science (M.S.), Computational Science at Central Washington University
github-logo-circle

Github Skills (16)

static-analysis10
semgrep10
security10
java9
csharp9
dotnet-core9
python9
ruby9
php9
javascript9
javas9
regex8
ruby-rails7
rails7
docker4

Programming languages (14)

MDXJavaScalaGoHTMLStylusTypeScriptSolidity

Github contributions (5)

github-logo-circle
semgrep/semgrep-rules

Feb 2022 - Jan 2023

Semgrep rules registry
Role in this project:
userSecurity Engineer
Contributions:336 reviews, 174 commits, 251 PRs in 11 months
Contributions summary:Kurt primarily contributes to security rule development and maintenance for the Semgrep rules engine. Their work includes identifying and fixing vulnerabilities related to code injection, deserialization, and other security flaws across multiple programming languages, including PHP, Java, Ruby, C#, JavaScript, and Python. They also update tests and improve the accuracy and coverage of the security rules. Their contributions directly enhance the capabilities of Semgrep to detect and prevent security vulnerabilities.
securitysemgrepsemgrep-rulessemgrep-registryprogram-analysis
kurt-r2c/pdfbox

Oct 2022 - Jul 2024

Mirror of Apache PDFBox
Contributions:1 PR, 1 push, 1 branch in 1 year 9 months
pdfapache-pdfboxxmlapachepdfbox
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Kurt Boberg - Staff Security Researcher at r2c