Global Fujitsu Distinguished Engineer
Hisashi Kojima
Message
I specialize in software security vulnerability countermeasures and have worked in R&D to improve the quality of security in products and systems for nearly 20 years. In particular, I worked on the development of a security testing technique called fuzzing and contributed to preventing damage caused by attacks by reporting to the IPA and other organizations many previously unknown vulnerabilities that we detected. I will continue R&D to realize a safe and secure society.
Achievements
- Engaged in R&D for security quality improvements for products and systems as a representative expert of Fujitsu for software vulnerability measures for almost 20 years, accumulated 18 vulnerability reports to the IPA. (As a student, won a $1,000 bounty for security bugs from what was then Netscape.)
- Ministry of Economy, Trade and Industry Study Group for Industrial Cybersecurity WG1 Software TF Study Committee member [FY2018 to FY2019]
- Vigorously participated in activities, such as contributing to information magazines for people outside of Fujitsu and external media, presenting/authoring for international conferences, including top security conferences, and academic journals. (Authored 16 works)
- Lectured at universities, tech conferences, financial institutions, etc., focusing on fuzz testing technologies
- Specialist Committee Member of the Technical Committee on Information and Communication System Security (ICSS) [FY2018]
Value Creation
- Developed effective, original fuzz testing techniques for detecting unidentified vulnerabilities, implemented and deployed as a pre-shipping security survey tool, and contributed to improved security quality.
- Enhanced security of web application systems, including electronic government systems.
- Enhanced security of mobile/smart phones, storage systems, server products, middleware products, etc.
- Handled incidents related to vulnerabilities in multiple products and systems.
- Supported standardization and promotion of security quality in Fujitsu's standard development rules.
- Introduced a security-by-design approach for Fujitsu's standard SI processes.