This is where I’ll post security research, CVE writeups, and notes on healthcare IT.
First real writeup is up: a pre-auth heap overflow in libvncclient’s Tight decoder (GHSA-v9pm-47h4-jcq8). More disclosures to follow once they clear coordinated disclosure.
In the meantime — /about explains who I am, and /.well-known/security.txt covers how to reach me about anything sensitive.