THIS EVENT HAS BEEN POSTPONED UNTIL SPRING 2022. We apologize for any inconvenience.
The Cyber Program at the Arnold A. Saltzman Institute of War and Peace Studies presents
Debugging Bug Bounties in Cyberspace: From Vulnerability Discovery to Algorithmic Harms Redress
Google, the Department of Defense, Starbucks, and hundreds of other companies and organizations now use “Bug Bounty” programs to buy flaws from hackers. Paying hackers to disclose bugs was once radical; now it is common. Recently, pilot projects from Facebook, Twitter, and others have looked to extend the bounty model to address an expanded set of socio-technical harms. This event launches two reports that examine the state of bug bounty programs and what we can learn from them to address algorithmic harms.
One report—Bounty Everything: Hackers and the Making of the Global Bug Marketplace—was written by Ryan Ellis and Yuan Stevens for Data & Society Research Institute and was based on 40+ interviews with bug bounty workers and cybersecurity experts. It examines the rise of bug bounty programs and highlights the risks of relying on vulnerable workers to fix vulnerable systems.
The other report—Bug Bounties for Algorithmic Harms? Lessons from Cybersecurity Vulnerability Disclosure for Algorithmic Harms Discovery, Disclosure and Redress—was authored for the Algorithmic Justice League by Josh Kenway and Camille François. It examines the cautionary and constructive design lessons that can be gleaned from bug bounty programs for participatory approaches to the discovery and disclosure of sociotechnical issues, with a focus on flaws in algorithmic systems.
With Ryan Ellis, Camille François, Josh Kenway, and Yuan Stevens. Moderated by Matt Goerzen. Hosted by Jason Healey and Virpratap Singh.