Michele Spagnuolo

Michele Spagnuolo is a Staff Information Security Engineer at Google leading the Web Signals and Intelligence area in the Information Security team.

At Google, he built Security Signals, a comprehensive system providing security measurability for web services, deployed in a complex application ecosystem of thousands of web services handling traffic from billions of users. He is now leading an effort to define a common, domain-agnostic methodology for product security measurability across Alphabet.

Previously, he co-authored the CSP3 W3C specification, which now protects more than a third of the Internet's HTML traffic against Cross-Site Scripting (XSS) attacks. He deployed CSP and other web security features at scale across Alphabet following a full-cycle, data-driven approach.

Other works include Rosetta Flash, a Pwnie Awards-nominated exploitation technique that abuses the Flash SWF format to bypass the Same Origin Policy, and BitIodine, the first open source Bitcoin blockchain analysis framework, cited by around 450 academic publications.

Authored Publications
Security Signals: Making Web Security Posture Measurable At Scale
David Dworken, Artur Janc, Santiago (Sal) Díaz
Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb)

CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy
Artur Janc
Proceedings of the 23rd ACM Conference on Computer and Communications Security, ACM, Vienna, Austria (2016)