Milton Smith
American computer security application developer, researcher, and writer
- Nationalité
- États-Unis
Milton Smith is an American computer security application developer, researcher, and writer. Smith is best known for his role leading Java platform security at Oracle during a period of high-profile security incidents in the fall of 2012. Due to the climate around Java security, in 2013 Smith was invited to present by Black Hat leadership in a closed session under Non-Disclosure Agreement to top industry leaders. In the same year Smith established the first ever full security
Career
Milton Smith is an American computer security application developer, researcher, and writer whose work spans enterprise security leadership, open source tool development, and industry conference organization.
Prior to joining Oracle, Smith worked at Yahoo, where around June 2011 he led security for the User Data Analytics (UDA) business unit. In that role he developed security controls aimed at protecting Yahoo's click stream revenues. He also led Yahoo's Enterprise Security Triage Program, which focused on monitoring enterprise vulnerabilities and tracking remediation activities.
Oracle
Smith became widely recognized for his role leading Java platform security at Oracle during the fall of 2012, a period marked by high-profile security incidents affecting the Java platform. In 2013, his standing in the field led Black Hat leadership to invite him to present in a closed session held under a Non-Disclosure Agreement for top industry leaders.
Also in 2013, Smith established the first full security track at JavaOne, Oracle's premier conference for Java software developers, held in San Francisco, California. This represented a notable expansion of security-focused programming within a major software development conference.
Smith continues to serve as a principal security analyst at Oracle, working strategically across the company's business units. During this period he also served as Chief Technical Editor on an application security book project developed with colleagues.
Open Source and OWASP Contributions
Smith is an active contributor to the Open Web Application Security Project (OWASP), one of the largest nonprofit organizations of security practitioners in the world. On March 12, 2015, he developed DeepViolet, a TLS/SSL scanning API designed to allow researchers to extend TLS/SSL scanning capabilities to their own projects. DeepViolet is recognized as an OWASP Incubator project.
Smith is also a leader on the OWASP Security Logging API Project, an open source initiative that extends security features to applications using popular logging platforms such as log4j and logback.
Notable Work
Across his career, Smith has combined hands-on security engineering with community leadership, contributing open source tools for researchers, participating in security conference events, and organizing them. His establishment of a dedicated security track at JavaOne and his development of the DeepViolet TLS/SSL scanning API represent two of his more visible contributions to the broader security community.
§Entrées associées
Adrian Lamo
Informaticien américain
1981 – 2018 · États-Unis
Albert Gonzalez
Hacker américain
1981 – présent · États-Unis
Alec Muffett
Expert en sécurité anglo-américain et ingénieur logiciel, connu pour avoir créé Crack, le premier outil de déchiffrement de mots de passe Unix, et pour avoir été pionnier dans le déploiement de…
1968 – présent · États-Unis
Alexander Sotirov
Alexander Sotirov est un chercheur en sécurité informatique, co-fondateur de Trail of Bits, et pionnier des techniques d'exploitation de navigateurs, notamment le Heap Feng Shui.
États-Unis
Ashkan Soltani
Chercheur en vie privée et en sécurité, ancien Chief Technologist de la FTC et directeur exécutif de la California Privacy Protection Agency.
États-Unis