Quick Links


Justin Cappos is a professor in the Computer Science and Engineering department at New York University, who strives to provide service to society through technology. Justin's research philosophy focuses on solving real world security problems in practice. He and his students often focus on problems in security, systems, virtualization, and software supply chain security, with an emphasis on practical research advances that can be used in production.

He is an active participant in a variety of open source projects, mostly hosted by the Linux Foundation. In 2024, he was elected to the Governing Board of the OpenSSF as the Security Community Individual Representative. He is a creator of five Linux Foundation projects, spanning the OpenSSF, CNCF, and JDF. This includes:

  • TUF, a graduated CNCF project which is used to secure software repositories both in the cloud and a variety of diverse use cases,
  • in-toto, an incubating level CNCF project, which is used by thousands of companies to secure the software supply chain (and is also being extended to secure SBOMs),
  • Uptane, a JDF project for securing automotive software updaters against nation-state actors, which is both a JDF and IEEE/ISTO standard.
He created and facilitates the Linux Foundation's TAG Security security assessment process and wrote a book about it. His open source research advances are adopted into production use by Docker, git, Python, VMware, automobiles, Cloudflare, Microsoft, Amazon, Google, IBM, Digital Ocean, and major Linux distributions. Due to the practical impact of his work, Justin was named to Popular Science's Brilliant 10 list in 2013.

I am currently recruiting talented PhD students, software engineers, research professors, and postdoctoral researchers who are interested in making a positive change in the world by building and deploying open source, real world software. Feel free to apply!

For press inquiries, please email jcappos@nyu.edu and I will respond promptly.