NorthSec 2021

Yuan Stevens

Yuan (rhymes with Suzanne) Stevens works at the intersections of law, policy, and technology with a focus on privacy and cybersecurity. She holds the position of Policy Lead on Technology, Cybersecurity and Democracy at the action-oriented think tank Ryerson Leadership Lab at Ryerson University. Her work equips society with the ability to understand and patch up harmful vulnerabilities in sociotechnical and legal systems. Based in Montréal, she is a research fellow at McGill University’s Centre for Media, Technology & Democracy and research affiliate at Data & Society Research Institute. She received her BCL/JD from McGill University in 2017. She serves on the board of directors for Open Privacy Research Institute, Head & Hands in Montréal, and previously worked at the Berkman Klein Center for Internet & Society at Harvard University.

The speaker's profile picture

Twitter account (full URL)

https://twitter.com/ystvns

What is your title?

Policy Lead on Technology, Cybersecurity and Democracy; Research Affiliate

What is your company/affiliation(s)?

Ryerson Leadership Lab and Cybersecure Policy Exchange at Ryerson University; Data & Society Research Institute

Website (full URL)

https://yuanstevens.org


Sessions

05-20
17:10
40min
Vulnerability research
Ivica Stipovic, Jeff Dileo, Addison Amiri, Yuan Stevens, Stephanie Tran, Florian Martin-Bariteau, Pedro Ribeiro, Rayna Stamboliyska

Q&A and discussion for the malware block, hosted and moderated by Rayna Stamboliyska. Questions will be gathered from the audience during the four prior talks.

Vulnerability research
Main stream
05-20
15:25
30min
See Something, Say Something? The State of Coordinated Vulnerability Disclosure in Canada’s Federal Government
Stephanie Tran, Florian Martin-Bariteau, Yuan Stevens

Countries around the world like the US, the UK and the Netherlands have all adopted coordinated vulnerability disclosure (CVD) frameworks to better secure government computer systems. CVD is an approach to vulnerability disclosure that provides good faith external security researchers a procedure for disclosing security flaws.

However, the topic has largely remained understudied and underutilized in the Canadian context, leaving federal government institutions potentially more vulnerable in the face of internal and external threat actors. This talk identifies best practices and the policy frameworks needed to harness the efforts of security researchers who find and disclose security flaws in Canada’s federal government software, web applications, and potentially hardware, vehicles and critical infrastructures before adversaries do.

Vulnerability research
Main stream