Tobias Stöckmann


I'm specialized in secure software design and development, code review, and penetration testing. At times I give talks and trainings in security related topics to help people (mostly developers) improve their products.

Keywords to describe what I do and like are C, Java, Linux, OpenBSD, security, high scalability, privacy, free software.


I performed various code reviews and the following CVE IDs have been assigned for me. I have written patches for these issues as well.

  • CVE-2018-14600libX11
  • CVE-2018-14599libX11
  • CVE-2018-14598libX11
  • CVE-2017-16612libXcursor
  • CVE-2017-8073weechat
  • CVE-2017-7875feh
  • CVE-2017-2616shadow/util-linux
  • CVE-2016-7953libXvMC
  • CVE-2016-7952libXtst
  • CVE-2016-7951libXtst
  • CVE-2016-7950libXrender
  • CVE-2016-7949libXrender
  • CVE-2016-7948libXrandr
  • CVE-2016-7947libXrandr
  • CVE-2016-7946libXi
  • CVE-2016-7945libXi
  • CVE-2016-7944libXfixes
  • CVE-2016-7943libX11
  • CVE-2016-7942libX11
  • CVE-2016-5434pacman
  • CVE-2016-5407libXv
  • CVE-2016-5384fontconfig
  • CVE-2014-6060dhcpcd
  • CVE-2007-6220typespeed

Bug Fixes

These patches were reported, but not approved yet. If you are a maintainer or want to push them to accept these fixes please move on.


Most of my open source code can be seen in the OpenBSD tree. It is scattered across various userland tools. Once I have added active PS/2 multiplexing to the pckbc device driver in the OpenBSD kernel. You can see the patch here. There is also xwallpaper which I wrote with a strong focus on minimalism and security after being disappointed with other available solutions.

My professional code has been developed closed source, so I cannot supply code samples. My first major project was the design and implementation of a modular, scalable multithreading CDI framework for Java SE. Improving a code base to better support multi-threading and the reduction of resource consumption was another cool project. I have also written a real-time RTAI/Linux module to operate industrial robots with my own scripting language while being a student.