Technical research

ZDI Vanguard Award 2025: Most Prolific Researcher

Rocco Calvi (@TecR0c) received the ZDI Vanguard Award for Most Prolific Researcher at Black Hat USA 2025, recognising 300+ remote code execution vulnerabilities reported through the Zero Day Initiative.

TECSECURITY // RESEARCH NOTE

ZDI Vanguard Award — Most Prolific Researcher trophy

At Black Hat USA 2025, Trend Micro’s Zero Day Initiative presented the ZDI Vanguard Award to TecSecurity founder Rocco Calvi (@TecR0c) for Most Prolific Researcher – recognising the researcher with the highest number of contracted vulnerability cases with ZDI. The award was presented at Trend Micro’s booth as part of ZDI’s 20th anniversary celebrations.

By the Numbers

The award reflects over 300 remote code execution vulnerabilities reported to ZDI across a range of target categories:

  • CAD / PLM / AEC – engineering and design software used across manufacturing, construction, and architecture
  • ICS / SCADA – industrial control systems and supervisory control platforms
  • IoT devices – consumer and enterprise connected hardware
  • PDF viewers – document processing software deployed on hundreds of millions of endpoints

Approach

Each case starts with identifying an underexplored attack surface, auditing high-risk code paths through manual reverse engineering, and building targeted fuzzers and analysis tools to systematically uncover exploitable flaws. The focus is on parser logic, memory management, and trust boundaries in complex file formats – the areas where automated tooling alone consistently falls short.

What This Means

The Vanguard Award places TecSecurity among the top contributors to the world’s largest vendor-agnostic vulnerability acquisition programme. It validates the research methodology we’ve built over the past decade: proprietary discovery tooling applied at scale against widely deployed commercial software.

References

Filed under
  • zdi
  • recognition
  • blackhat
  • exploit-development