Tufts faculty recognized at the USENIX Security Symposium
Assistant Professor Daniel Votipka and Associate Professor Josephine Wolff were recently recognized for their achievement at the 32nd USENIX Security Symposium. Votipka, of the Department of Computer Science, was awarded a Distinguished Paper Award for his paper “Bug Hunters’ Perspectives on the Challenges and Benefits of the Bug Bounty Ecosystem," written with researchers at University of Maryland, Pennsylvania State University, University of Houston, Technical University of Munich, and University of California Berkeley. The paper discusses how although researchers have characterized the bug-bounty ecosystem from the point of view of platforms and programs, minimal effort has been made to understand the perspectives of the main workers: bug hunters.
A bug bounty is a crowdsourced effort by a private company to discover and resolve bugs within their code. Participants typically have a knowledge or interest in cybersecurity, and can earn rewards and recognition from the company for finding bugs. To improve bug bounties, it is important to understand hunters' motivating factors, challenges, and overall benefits. Ultimately the researchers discovered that rewards and learning opportunities were the most important benefits. On the other hand, earning reputation was one of the least important motivators for hunters. The team presented recommendations to make the bug-bounty ecosystem more accommodating and ultimately increase participation in an underutilized market.
Votipka and Wolff – who holds a primary appointment at The Fletcher School and a secondary appointment in the Department of Computer Science – were also recognized as Noteworthy Reviewers at the symposium. Votipka and Wolff were not the only Tufts faculty who were recognized by USENIX this year. Bridge Professor Susan Landau, with joint appointments in the Department of Computer Science and The Fletcher School, also recently received a USENIX Lifetime Achievement Award.
The USENIX Security Symposium serves as a unifying platform for researchers, practitioners, system administrators, system programmers, and anyone passionate about computer system and network security and privacy. Attendees at this symposium have the unique opportunity to engage in discussions, share their expertise, and gain invaluable insights into the most recent breakthroughs and emerging trends in the field. The noteworthy achievements of Votipka, Wolff, and Landau underscore Tufts University's ongoing commitment to fostering excellence in computer science research and contributions to the advancement of cybersecurity knowledge.