Vlatko Košturjak

Vlatko Kosturjak serves as the VP of Research at Marlink Cyber, with more than two decades of dedicated experience in information security and cybersecurity. He also has successful M&A experience across various areas of cybersecurity and in different roles.

Beyond security, his passion is open and free software. He has developed numerous open-source security projects and contributed code to many widely used open-source security tools. In the past, he served for more than eight years as President of the Croatian Linux User Group (HULK).

Talk: Joy and reality in finding and fixing of 0-days in (FL)OSS

Open-source software (OSS) underpins modern digital infrastructure, from embedded systems to cloud-native platforms. While its transparency enables large-scale review and rapid innovation, it also exposes complex attack surfaces and long-lived legacy code paths that remain fertile ground for vulnerabilities.

Drawing on personal experience in bug hunting and 0-day discoveries, this talk will explore real-world lessons, practical challenges, and the current problems the community faces in securing open-source software. It will also examine what we have learned from real-world cases involving FFmpeg, libxml2, cURL, and XZ Utils, including insights gained through firsthand research and disclosure experience.

Get your free ticket here https://www.entrio.hr/en/event/dorscluc-2026-28348 and see you at the DORS/CLUC 31!