JBomAudit: Assessing the Landscape, Compliance, and Security Implications of Java SBOMs
- Yue Xiao
- Dhilung Kirat
- et al.
- 2025
- NDSS 2025
Douglas Schales
Title
STSM - Security Analytics
Bio
Doug Schales is a Senior Technical Staff Member at the Thomas J. Watson Research Center which he joined in 1996. His main area of interest is Security. He presently is focused on two areas.
- Using LLM's to analyze software for security vulnerabilities.
- Secure Supply Chain - Developing tools for ensuring that the software development pipeline is secure.
In the past, I worked on:
- Development of DNS security analytics that operate at large scale that feature low resource usage and low false positive rates. Sketch/streaming algorithms are heavily utilized.
- Development of a geographically distributed platform for large scale, near real time, CyberSecurity analytics across multiple data types.
- Use of the platform to develop analytics to accurately identify misuse, or other unusual activity, in DNS traffic.
- Automated over the network vulnerability discovery at scale.
In the past he has worked on security for the System S (Streams) project, introspection based security for virtual machines and automated enterprise scale, network-based, security auditing.
Publications
Uncovering Supply Chain Attack with Code Genome Framework
- Dhilung Kirat
- Jiyong Jang
- et al.
- 2024
- Black Hat USA 2024
SyzGen++: Dependency Inference for Augmenting Kernel Driver Fuzzing
- Weiteng Chen
- Yu Hao
- et al.
- 2024
- S&P 2024
Patents
- US
- 11941054
- US
- 11533325
- US
- 11368470
- US
- 11163878
- US
- 11153337
- US
- 11025656
- US
- 10979453
- US
- 10956566
- US
- 10887323
- US
- 10887346
Projects
Building reusable, composable, and shareable huntflows across different data sources and threat intel.
Top collaborators
JJ
Jiyong Jang
Principal Research Scientist & Manager, AI Supply Chain Security
DK
Dhilung Kirat
Senior Research Scientist, Security Research
IM
Ian Molloy
Department Head, Security Research