37-day longest streak
Hey, I’m David Osipov 👋 I’m a B2B Product Leader and independent security researcher working at the intersection of cybersecurity, AI, open Internet infrastructure, and machine-readable trust. I’m currently focused…
Hey, I’m David Osipov 👋
I’m a B2B Product Leader and independent security researcher working at the intersection of cybersecurity, AI, open Internet infrastructure, and machine-readable trust.
I’m currently focused on two tracks:
- building and maintaining censorship-resilient Telegram infrastructure with the Telemt community;
- researching security, trust, and metadata failures in large Internet platforms.
accounturi / validationmethods.
- CVE: https://www.cve.org/CVERecord?id=CVE-2026-14440
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-14440
- GitHub Advisory: https://github.com/advisories/GHSA-vrv9-rjp4-w93c
- Research write-up: https://david-osipov.vision/en/blog/cybersecurity/cloudflare-ssl-mitm-flaw-2026/
---
Current focus
telemt/tdlib-obf
I created and maintain tdlib-obf, a security-hardened fork of TDLib for high-threat network environments.
The project focuses on MTProto traffic masking, anti-DPI transport behavior, and client-side support for censorship-resilient Telegram access. It is designed to work together with the Telemt Rust MTProxy server.
Status: alpha / pre-first official release.
telemt/telemt
I contribute to telemt, a Rust + Tokio MTProxy server for Telegram.
Telemt is a fast, secure, production-oriented MTProxy implementation with a large user and operator community. I help with product direction, community operations, threat modeling, documentation, testing, and ecosystem development.
I’m one of the admins in the Telemt community, which has grown to 21k+ people on Telegram. The main telemt/telemt repository has around 5k GitHub stars.
---
Security research
CVE-2026-14440 — Cloudflare Universal SSL / CAA / RFC 8657
I discovered and coordinated the disclosure of a Cloudflare Universal SSL issue where automatic CAA management can supersede customer-configured CAA records at query time.
In affected Universal SSL configurations, RFC 8657 accounturi and validationmethods protections may not be enforced end-to-end. Successful exploitation is non-trivial and requires a strong network position, but the impact can include issuance of a browser-trusted TLS certificate and a man-in-the-middle window against the affected domain.
Official records:
- CVE Program: https://www.cve.org/CVERecord?id=CVE-2026-14440
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-14440
- GitHub Advisory: https://github.com/advisories/GHSA-vrv9-rjp4-w93c
- NotCVE historical tracking: https://notcve.org/notcve/NotCVE-2026-0001
Product background
I’ve worked across B2B SaaS, cybersecurity, enterprise software, mobility, and consulting.
Previously, I was Lead Product Manager at DeskAlerts, where I led the development of a new SaaS suite from scratch, worked with enterprise security requirements, and contributed to product growth.
Earlier roles included:
- Product Ops Analyst at DiDi Global
- Senior Business Analyst at Paragon Consulting
- freelance product and market research work for international companies
---
Open knowledge and mapping
I care about public knowledge infrastructure.
I contribute to:
- OpenStreetMap and Mapillary
- Wikidata and Wikipedia
- MusicBrainz
- open cybersecurity datasets and anti-phishing communities
- ORCID: https://orcid.org/0009-0005-2713-9242
- ISNI: https://isni.org/isni/000000051802960X
- VIAF: https://viaf.org/viaf/139173726847611590332
- Website: https://david-osipov.vision
Skills
Product leadership: B2B SaaS, roadmap strategy, discovery, market research, enterprise requirements, stakeholder management
Cybersecurity: vulnerability research, TLS/PKI, CAA, CVE coordination, phishing intelligence, threat modeling, OSINT
Internet infrastructure: MTProxy, Telegram transport, DPI resistance, DNS, certificate issuance, routing-risk analysis
AI and data: AI-assisted research, prompt engineering, information extraction, structured metadata, knowledge graphs
Web and tooling: Python, Astro, Tailwind CSS, schema markup, performance optimization, GitHub workflows
Languages: Russian, English, Georgian, French, German
---
Contact
- Website: https://david-osipov.vision
- LinkedIn: https://linkedin.com/in/david-osipov
- GitHub: https://github.com/DavidOsipov
-
phishing ★ PINNED ⑂
Central Repository for Adding Domains / Links to the Phishing.Database project - https://github.com/mitchellkrogza/Phishing.Database/
★ 0 1y agoExplain → -
gmpy2-stubs ★ PINNED
PEP 561 type stubs for gmpy2 2.2.1, a Python extension wrapping the GMP, MPFR, and MPC arbitrary-precision arithmetic libraries. Improves static type checking and IDE support.
Python ★ 5 3mo agoExplain → -
Keywords4CV
A Python tool to extract key skills and terms from job descriptions, optimizing resumes and LinkedIn profiles for ATS and recruiters.
Python ★ 6 9d agoExplain → -
PostQuantum-Feldman-VSS
Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in Python.
Python ★ 4 13d agoExplain → -
CryptoPaper ⑂
Privacy, Security, and Anonymity For Every Internet User.
★ 1 5y agoExplain → -
DavidOsipov
My personal repository
★ 0 11d agoExplain → -
telemt ⑂
MTProxy for Telegram on Rust + Tokio
Rust ★ 0 3mo agoExplain → -
Xray-core ⑂
Xray, Penetrates Everything. Also the best v2ray-core. Where the magic happens. An open platform for various uses.
★ 0 4mo agoExplain → -
openbsd-install-xray ⑂
Bash script for installing Xray in the OpenBSD operating system
★ 0 4mo agoExplain → -
smallweb ⑂
Kagi Small Web
★ 0 5mo agoExplain → -
gmpy ⑂
General Multi-Precision arithmetic for Python 2.6+/3+ (GMP, MPIR, MPFR, MPC)
★ 0 1y agoExplain → -
Security-kit
An opinionated, zero-dependency security toolkit for modern browsers. Implements a verifiable Zero Trust security model in TypeScript, built on the native Web Crypto API.
TypeScript ★ 0 5mo agoExplain → -
astro-pagefind-hardened ⑂
A hardened, production-ready Astro integration for Pagefind, rebuilt for security, performance, and modern web standards. A secure and reliable drop-in replacement.
Astro ★ 0 4mo agoExplain → -
Aegis-Animator
A security-first, lifecycle-aware animation and DOM utility library for modern web applications.
TypeScript ★ 0 10mo agoExplain → -
David-Osipov-AI-Assisted-Meta-Research-Repository
AI-assisted meta-research repository by David Osipov. Synthesizing scientific literature on environmental health, AI ethics, cybersecurity, and more, with human validation. Licensed under CC-BY-4.0. Uses SPDX and automated SBOM
★ 0 3mo agoExplain → -
web-crypto-benchmark
A high-precision, lab-grade Web Crypto API benchmark engineered for statistical robustness. Features a low-interference measurement engine using a SharedArrayBuffer data channel and a strict security-first design.
JavaScript ★ 0 11mo agoExplain → -
Vision-ui
🚀 Enterprise-grade, dependency-free UI components for modern web projects (Astro, etc.). A case study in product-led, AI-orchestrated engineering. 🛡️
JavaScript ★ 0 5h agoExplain → -
ggwave ⑂
Tiny data-over-sound library
★ 0 1y agoExplain → -
.trunk
Used by Trunk. Learn more at https://docs.trunk.io/code-quality/ci/get-started/github-integration
★ 0 1y agoExplain → -
K4CV-Caching-Engine
A high-performance caching engine for Keywords4CV and beyond
Python ★ 0 1y agoExplain → -
numpy-100 ⑂
100 numpy exercises (100% complete)
Python ★ 0 1y agoExplain → -
AI-Meta-Feedback-Analyzer-for-Code-Improvements
A comprehensive framework that guides AI systems to process unstructured code feedback and meta-feedback, producing prioritized, actionable improvement lists with confidence scoring and quality assessment for efficient development workflows
★ 0 1y agoExplain → -
openpgpkey
No description.
HTML ★ 0 2y agoExplain → -
systemd-services ⑂
No description.
★ 0 4y agoExplain → -
systemd-sandboxing
Hardened systemd profiles for various services
★ 0 4y agoExplain → -
mta-sts.tomi.ai
No description.
HTML ★ 0 4y agoExplain → -
mta-sts.gsomfamily.com
No description.
HTML ★ 0 4y agoExplain → -
mta-sts.paragon-consult.com
No description.
HTML ★ 0 5y agoExplain →
No repos match these filters.