NorthSec 2021

Stephanie Tran

Stephanie is a Policy and Research Assistant at the Cybersecure Policy Exchange and Ryerson Leadership Lab. She is an experienced researcher with over five years of experience analyzing public policy and human rights issues related to digital technologies, with past experience working for the Citizen Lab, Amnesty International Canada, the United Nations Office for the Coordination of Humanitarian Affairs (UN OCHA) and more. She is a trained computer programmer, having earned a Diploma in Computer Programming from Seneca College. She also holds a dual degree Master of Public Policy (Digital, New Technology and Public Affairs Policy stream) from Sciences Po in Paris, and a Master of Global Affairs from the University of Toronto. She earned her BA degree from the University of Toronto specializing in Peace, Conflict and Justice.

The speaker's profile picture

What is your company/affiliation(s)?

Ryerson Leadership Lab

What is your title?

Policy and Research Assistant

Website (full URL)

LinkedIn profile (full URL)

GitHub account (full URL)


Vulnerability research
Ivica Stipovic, Jeff Dileo, Addison Amiri, Yuan Stevens, Stephanie Tran, Florian Martin-Bariteau, Pedro Ribeiro, Rayna Stamboliyska

Q&A and discussion for the malware block, hosted and moderated by Rayna Stamboliyska. Questions will be gathered from the audience during the four prior talks.

Vulnerability research
Main stream
See Something, Say Something? The State of Coordinated Vulnerability Disclosure in Canada’s Federal Government
Stephanie Tran, Florian Martin-Bariteau, Yuan Stevens

Countries around the world like the US, the UK and the Netherlands have all adopted coordinated vulnerability disclosure (CVD) frameworks to better secure government computer systems. CVD is an approach to vulnerability disclosure that provides good faith external security researchers a procedure for disclosing security flaws.

However, the topic has largely remained understudied and underutilized in the Canadian context, leaving federal government institutions potentially more vulnerable in the face of internal and external threat actors. This talk identifies best practices and the policy frameworks needed to harness the efforts of security researchers who find and disclose security flaws in Canada’s federal government software, web applications, and potentially hardware, vehicles and critical infrastructures before adversaries do.

Vulnerability research
Main stream