Salvatore Guarnieri

salvatore.guarnieri@gmail.com
http://www.sammyg.org
https://github.com/salguarnieri (but most work is internal at Google)

Work Experience

Google

September 2014 - Current
Locations: New York, NY, Seattle, WA
Title: Senior Software Engineer

Kythe

I worked on Kythe, a developer tools system that processes source code to generate and serve a large-scale graph that details the relationships in code for very large code bases (e.g. where symbol foo is defined, where it is referenced, what type it has, etc.). The data was surfaced in a web UI that was used by nearly every engineer to understand and browse code. It also powered large-scale changes, refactoring, migrations, and other bespoke tools.

I led cross-team and cross-org design, consensus building, prioritization, and implementation of features to increase cross reference coverage and ease of using cross reference data in other tools.

I wrote client-facing and backend-facing distributed servers, graph processing, server configs, and design docs. I primarily used Java and Go with Bazel.

Privacy reviewer

Reviewed internal Google systems to validate and improve their privacy practices.

Previous projects:

Android Studio

I worked on the Bazel plugin for Android Studio. I was one of the early developers that helped bridge the Bazel project model and the IntelliJ project model to make the plugin possible.

IBM

January 2011 - August 2014
Location: Hawthorne, NY
Title: Software Engineer

I worked on analyses targeted at improving mobile application development. Specifically, worked on analyses for JavaScript, Android (Java), and Java to detect security and reliability problems. Was technical lead for JavaScript analyses.

Primary Language Used: Java

IBM Research

June 2010 - January 2011
Location: Hawthorne, NY
Title: Intern, worked with Marco Pistoia

I worked on precise JavaScript and Java analyses. During the course of the internship I developed several analyses to detect or prevent security problems in several web languages. One of the analyses I developed was Actarus, which was a precise tainting analysis for JavaScript.

Primary Language Used: Java

Microsoft Research

October 2008 - February 2009
Location: Redmond, WA
Title: Intern, worked with Ben Livshits

I developed Gatekeeper, a tool that statically analyzes JavaScript widgets to identify possible security or reliability problems. The tool was aimed at widgets that were present on the live.com web portal. Gatekeeper was designed to execute on a widget after it was submitted but before the widget was listed in a directory of available widgets. Gatekeeper was designed to ensure unreliable widgets would not make it to the directory of downloadable widgets. I was responsible for creating, testing, and improving the tool. I was also partially responsible for the tool's technical report and presentation at meetings and talks.

Primary Language Used: C#

Education

The University of Washington

September 2006 - June 2010
Degree: Masters of Science in Computer Science
Location: Seattle, WA
Area of Research: Program Analysis for Web Languages

The University of Virginia

September 2002 - May 2006
Degree: Bachelor of Science
Location: Charlottesville, VA
Major: Computer Science (Computer Graphics and Computer Security concentration)
Minor: Biomedical Engineering

Selected Publications

Andromeda: Accurate and Scalable Security Analysis of Web Applications
Omer Tripp, Marco Pistoia, Patrick Cousot, Radhia Cousot, Salvatore Guarnieri
FASE 2013

Saving the World Wide Web from Vulnerable JavaScript
Salvatore Guarnieri, Marco Pistoia, Omer Tripp, Julian Dolby, Stephen Teilhet, Ryan Berg
ISSTA 2011

Gatekeeper: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code
Salvatore Guarnieri, Ben Livshits
USENIX Security 2009

Automatically Hardening Web Applications Using Precise Tainting
Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeffrey Shirley and David Evans
IFIP International Information Security Conference 2005