I received my PhD in Spring 2013 from the Computer Science Division at UC Berkeley, where I was advised by David Wagner. My dissertation is available for your perusal. I used to work at Twitter, and then at Uber. Now I work at Figma.
My research is in computer security, and tends to focus primarily on software security. My research has taken steps toward:
Please see this visual representation of the topics my research has covered.
An Empirical Study of Vulnerability Rewards Programs.
Matthew Finifter,
Devdatta Akhawe, and
David Wagner.
In Proceedings of the
22nd USENIX Security Symposium, August 14-16, 2013.
An Empirical Study on the Effectiveness of Security Code Review.
Anne Edmundson, Brian Holtkamp, Emanuel Rivera, Matthew Finifter,
Adrian Mettler, and
David Wagner.
In Proceedings of the
International Symposium on Engineering Secure Software and Systems (ESSoS 2013), February 27 - March 1, 2013.
How to Ask for Permission.
Adrienne Porter Felt,
Serge Egelman,
Matthew Finifter,
Devdatta Akhawe,
and David Wagner.
In Proceedings of the
7th USENIX
Workshop on Hot Topics in Security (HotSec 2012), August 7, 2012.
Jigsaw: Efficient, Low-effort Mashup Isolation.
James Mickens and Matthew Finifter.
In Proceedings of the
3rd USENIX Conference on Web Application Development (WebApps 2012), June 13, 2012.
Product Labels for Mobile Application Markets. Short paper.
Devdatta Akhawe and
Matthew Finifter.
In Proceedings of the
Mobile Security Technologies Workshop (MoST 2012), May 24, 2012.
A Survey of Mobile Malware in the Wild.
Adrienne Porter Felt,
Matthew Finifter,
Erika Chin,
Steve Hanna,
and David Wagner.
In Proceedings of the
ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2011), October 17, 2011.
A Systematic Analysis of XSS Sanitization in Web Application Frameworks.
Joel Weinberger,
Prateek Saxena,
Devdatta Akhawe,
Matthew Finifter,
Richard Shin and
Dawn Song.
In Proceedings of the
European Symposium on Research in Computer Security (ESORICS 2011), September 12-14, 2011.
Exploring the Relationship Between Web Application Development Tools and Security.
Matthew Finifter and
David Wagner.
In Proceedings of the
2nd USENIX Conference on Web Application Development (WebApps 2011), June 15-16, 2011.
Diesel: Applying Privilege Separation to Database Access.
Short paper.
A. Porter Felt,
Matthew Finifter,
Joel Weinberger, and
David Wagner.
In Proceedings of the
6th ACM Symposium on Information, Computer,
and Communications Security (AsiaCCS 2011), March 22-24, 2011.
Preventing Capability Leaks in Secure JavaScript Subsets.
Matthew Finifter,
Joel Weinberger, and
Adam Barth.
In Proceedings of the
17th Annual Network and Distributed System Security Symposium (NDSS 2010),
February 28-March 3, 2010.
Verifiable Functional Purity in Java.
Matthew Finifter,
Adrian Mettler,
Naveen Sastry, and
David Wagner.
In Proceedings of the
15th ACM Conference on Computer and Communication Security (CCS 2008),
October 27-31, 2008.
Jigsaw: Efficient, Low-effort Mashup Isolation.
Presented at WebApps 2012 on June 13, 2012.
Exploring the Relationship Between Web Application Development Tools and Security.
Presented at WebApps 2011 on June 15, 2011.
Diesel: Applying Privilege Separation to Database Access.
Presented at AsiaCCS 2011 on March 23, 2011.
The Influence of Programming Language and Framework on
Application Security.
Presented at Mini-Metricon 5.5 on February 14, 2011.
Preventing Capability Leaks in Secure JavaScript Subsets.
Presented at NDSS on March 3, 2010.