Yangheran (Lawrence) Piao
Cybersecurity, Privacy and Trust PhD Student
About Me
I am Yangheran Piao[/jɑːŋ hə ɻæn piɑʊ/], a second-year PhD studnet at the School of Informastic, University of Edinburgh, under the supervision of Prof. Ross Anderson, Dr. Daniel Woods and Dr. Jingjie Li. My research interests include usable security, software supply chain security, security economics and cybercrime.
For now, my work specifically investigates the behaviors and perceptions of key stakeholders in the vulnerability disclosure ecosystem, including the collective actions among hackers, the responses of vulnerability researchers to security laws, as well as the impact of these laws on them. I am also exploring AI vulnerability reporting practices and models.
News & Updates
Recent Publications
- Yangheran Piao, Daniel W. Woods. Unfairness in the Bug Bounty Ecosystem: Problems, Metrics, and Solutions. In 24th Workshop on the Economics of Information Security (WEIS’25), 2025
- Temima Hrle, Yangheran Piao, Daniel W. Woods. Anticipating Personal Cyber Insurance Disputes: A US/UK User Study. In 24th Workshop on the Economics of Information Security (WEIS’25), 2025
- Yangheran Piao, Harita Lolla, Daniel W. Woods. The long shadow of the Computer Fraud and Abuse Act: Exploring user discussions on the legality of vulnerability research on Reddit. In Rossfest Festschrift for Ross Anderson, 2025
- Yangheran Piao, Temima Hrle, Daniel W. Woods, Ross Anderson. Study club, labor union or start-up? Characterizing teams and collaboration in the bug bounty ecosystem. In 46th IEEE Symposium on Security and Privacy (S&P’25), 2024
Teaching
- Teaching Assistant & Co-Instructor:
- Computer Security (Level 11) (INFR11244), University of Edinburgh, Autumn 2025
- Usable Security and Privacy (INFR11158/11230, 74 students), University of Edinburgh, Spring 2025
- Led the lecture on Vulnerability Research & Bug Bounty
- Security Engineering (INFR11208/11228, 72 students), University of Edinburgh, Spring 2024
- Network Security (3150530011021, 52 students), Wuhan University, Spring 2020
- Master’s Thesis Advising:
- Harita Lolla (2023-2024)
Service
- Reviewer:
- USENIX SEC 2026
- ACM CCS 2025
- EuroUSEC 2025
- The Computer Journal (2024,2025)
- The Journal of Supercomputing (2024)
- Social Network Analysis and Mining (2024)
Invited Talk
11/09/2025. Understanding Collective Dynamics in Vulnerability Reward Programs. Invited by Tsinghua University
24/07/2024. Exploring Teaming and Collaboration in the Bug Bounty Ecosystem. Invited by Google Chrome
Great research is done with a shovel, not with tweezers