Global Fujitsu Distinguished Engineer

Hisashi Kojima

Message

I specialize in software security vulnerability countermeasures and have worked in R&D to improve the quality of security in products and systems for nearly 20 years. In particular, I worked on the development of a security testing technique called fuzzing and contributed to preventing damage caused by attacks by reporting to the IPA and other organizations many previously unknown vulnerabilities that we detected. I will continue R&D to realize a safe and secure society.

Achievements

  • Engaged in R&D for security quality improvements for products and systems as a representative expert of Fujitsu for software vulnerability measures for almost 20 years, accumulated 18 vulnerability reports to the IPA. (As a student, won a $1,000 bounty for security bugs from what was then Netscape.)
  • Ministry of Economy, Trade and Industry Study Group for Industrial Cybersecurity WG1 Software TF Study Committee member [FY2018 to FY2019]
  • Vigorously participated in activities, such as contributing to information magazines for people outside of Fujitsu and external media, presenting/authoring for international conferences, including top security conferences, and academic journals. (Authored 16 works)
  • Lectured at universities, tech conferences, financial institutions, etc., focusing on fuzz testing technologies
  • Specialist Committee Member of the Technical Committee on Information and Communication System Security (ICSS) [FY2018]

Value Creation

  • Developed effective, original fuzz testing techniques for detecting unidentified vulnerabilities, implemented and deployed as a pre-shipping security survey tool, and contributed to improved security quality.
  • Enhanced security of web application systems, including electronic government systems.
  • Enhanced security of mobile/smart phones, storage systems, server products, middleware products, etc.
  • Handled incidents related to vulnerabilities in multiple products and systems.
  • Supported standardization and promotion of security quality in Fujitsu's standard development rules.
  • Introduced a security-by-design approach for Fujitsu's standard SI processes.