Bertrand STIVALET

About me

I have been working as Cyber Security Expert in the CISO Office for the International Committee of the Red Cross (ICRC) in Geneva,CH since mid-2018. Before accepting this exciting challenge, I performed Ethical hacking / Penetration Testing for 2 years at immunIT in Nyon,CH. I also worked 5 years for the National Institute of Standards and Technology (NIST), Washington DC where I was conducting security researches on how source code security analyzers react facing a large range of vulnerabilities with different complexities (see Awards & Publications sections below). I was part of the SAMATE Team where my role consisted of studying tools' strengths and weaknesses in order to help improving the current state of the static code analysis field. I graduated in 2011 from TELECOM Nancy, a leading engineering school at the University of Lorraine in France for a Master's degree in Computer Science with a minor in Security and Networking.

Websites

• Bertrand STIVALET http://www.stivalet.ch
• LinkedIn https://www.linkedin.com/in/bertrandstivalet
• Github https://github.com/stivalet
• NIST publications http://www.nist.gov/publication-portal.cfm
• Research Gate https://www.researchgate.net/profile/Bertrand_Stivalet
• Google Scholar https://scholar.google.com/

Research

Responsible Vulnerability Disclosure

• UN Women, May 2021
  UN Women Information Security Hall of Fame

Awards

• Best Paper Award - IEEE International Conference on Software Testing, Verification and Validation (ICST) 2016, April 2016
  Large Scale Generation of Complex and Faulty PHP Test Cases
  Bertrand Stivalet,Elizabeth Fong

Papers

• SATE V Report: Ten Years of Static Analysis Tool Expositions, October 2018
  Aurelien M. Delaitre, Bertrand C. Stivalet, Paul E. Black, Vadim Okun, Terry S. Cohen, Athos Ribeiro
  
• Large Scale Generation of Complex and Faulty PHP Test Cases, April 2016
  Bertrand Stivalet, Elizabeth Fong
  International Conference on Software Testing, Verification and Validation (ICST'16), Chicago, IL
  *BEST PAPER AWARD for the ICST16 TOOL DEMO TRACK*

• Evaluating Bug Finders - Test and Measurement of Static Code Analyzers, May 2015
  Aurelien Delaitre, Bertrand Stivalet, Elizabeth Fong, Vadim Okun
  Complex faUlts and Failures in LargE Software Systems (COUFLESS'15), Firenze, Italy

• A Hybrid CPU-GPU System for Stitching of Large Scale Optical Microscopy Images, March 2013
  Walid Keyrouz, Bertrand Stivalet, Timothy Blattner, Shujia Zhou, Joe Chalfoun, Mary Brady
  GPU Technology Conference 2013, San Jose, CA

• Initiating Mobile Software Development - Lessons Learned From a 12-Month Project, 2011
  Frederic de Vaulx, Paul Khouri Saba, Marcus Newrock, Bertrand Stivalet
  NIST Interagency/Internal Report (NISTIR)

Presentations

• Large Scale Generation of Complex and Faulty PHP Test Cases, April 2016
  International Conference on Software Testing, Verification and Validation (ICST'16), Chicago, IL

• Evaluating Bug Finders - Test and Measurement of Static Code Analyzers, May 2015
  Complex faUlts and Failures in LargE Software Systems (COUFLESS'15), Firenze, Italy

• CVE-Selected Analysis Results, March 2014
  Static Analysis Tool Exposition (SATE) V Workshop, Gaithersburg, MD, USA

Contact

• Firstname . Lastname @gmail.com
  
• b_stivalet@Twitter
• about.me/bertrandstivalet