Past Event
Seminar

AI Cyber Lunch: Ryan Ellis on "Bounty Everything? Remaking and Rethinking Security Work"

Harvard Faculty, Fellows, Staff, and Students

How can bug bounty programs be reimagined to ensure an equitable and secure future?

Join us for an Artificial Intelligence/Cyber Lunch Seminar featuring Ryan Ellis, Associate Professor of Communication Studies at Northeastern University. Ellis will give a talk entitled "Bounty Everything? Remaking and Rethinking Security Work."

Q&A to follow. Buffet-style lunch will be served.

Registration: In-person attendance is limited to current Harvard ID holders. No RSVP is required. Room capacity is limited and seating will be on a first come, first served basis.

Members of the public are welcome to attend virtually via Zoom. Virtual attendees should register using the button below; upon registering, attendees will receive a confirmation email with a Zoom link. 

Recording: Please be advised that this seminar will not be recorded.

Accessibility: Persons with disabilities who wish to request accommodations or who have questions about access, please contact Liz Hanlon (ehanlon@hks.harvard.edu) in advance of the session.

Summary

Bug bounty programs were once novel; now they are common. Today, everyone—from United Airlines to the Department of Defense—seems to have a bounty program. Paying security researchers for flaws appears to offer up a “golden age of hacking.” Yet the widespread adoption and institutionalization of bug bounty programs carries real risks for workers and the public. Drawing on the recent Data & Society report co-authored with Yuan Stevens, Bounty Everything: Hackers and the Making of the Global Bug Marketplace (2022), this talk will explore how bounty programs transform the work of finding, disclosing, and fixing bugs. It reveals the new challenges and unexpected hazards that bounty programs pose to security researchers and documents how relying on vulnerable workers to fix vulnerable systems can lead to a world full of bugs. As bounty programs are adopted as a model for addressing a larger swath of sociotechnical harms, the talk outlines how bounty programs can be reimagined to ensure an equitable and secure future.

Speaker

Ryan Ellis is an Associate Professor of Communication Studies at Northeastern. Ellis' research and teaching focus on topics related to communication law and policy, infrastructure politics, and cybersecurity. He is the author of Letters, Power Lines, and Other Dangerous Things: The Politics of Infrastructure Security (MIT Press, 2020) and the editor (with Vivek Mohan) of Rewired: Cybersecurity Governance (Wiley, 2019). Prior to joining the Department, Ellis held fellowships at the Harvard Kennedy School’s Belfer Center for Science and International Affairs and at Stanford University’s Center for International Security and Cooperation (CISAC). He received a Ph.D. in Communication from the University of California, San Diego.