Lawrence Piao's Homepage

Cybersecurity, Privacy and Trust PhD Student

About Me

I am Yangheran Piao_{[Pronounced: /jɑːŋ hə ɻæn piɑʊ/]}, a second-year PhD studnet at the School of Informastic, University of Edinburgh, under the supervision of Prof. Ross Anderson, Dr. Daniel Woods and Dr. Jingjie Li. My research interests include security economics, usable security, software supply chain security and cybercrime.

For now, my work specifically investigates the behaviors and perceptions of key stakeholders in the bug bounty ecosystem, including the collective actions among hackers, the responses of vulnerability researchers to security laws, as well as the impact of these laws on them. I am also exploring AI vulnerability disclosure practices and models.

News & Updates

03/2025 – Our papers titled “Anticipating personal cyber insurance disputes: A US/UK user study” and “Unfairness in the bug bounty ecosystem: Problems, metrics, and solutions” will appear at WEIS 2025, Tokyo, Japan.
03/2025 – I gave a presentation titled “The bug bounty manifesto: Collectivization and fairness” at Security Protocols Workshop XXIX in Cambridge. I also gave a brief talk on Ross’s research and activism regarding responsible disclosure at Rossfest Symposium.
09/2024 – My paper titled “Study club, labor union or start-up? Characterizing teams and collaboration in the bug bounty ecosystem” has been accepted for IEEE S&P (Oakland) 2025.
07/2024 – My poster titled “Finding bugs with friends: Incentivizing vulnerability discovery through teaming and collaboration” was presented at PETS 2024, Bristol, UK.

Recent Publications

Yangheran Piao, Harita Lolla, Daniel W. Woods. The long shadow of the Computer Fraud and Abuse Act: Exploring user discussions on the legality of vulnerability research on Reddit. In Rossfest Festschrift for Ross Anderson, 2025
Yangheran Piao, Temima Hrle, Daniel W. Woods, Ross Anderson. Study club, labor union or start-up? Characterizing teams and collaboration in the bug bounty ecosystem. In 46th IEEE Symposium on Security and Privacy (S&P’25), 2025
Pengyuan Chen, Lei Zhao, Yangheran Piao, Hongwei Ding, et al. Multimodal visual-textual object graph attention network for propaganda detection in memes. Multimedia Tools and Applications, 2024, 36629-36644

Teaching

Teaching Assistant & Co-Instructor:
- Usable Security and Privacy (INFR11158/11230, 74 students), University of Edinburgh, Spring 2025
  - Led the lecture on Vulnerability Research & Bug Bounty
- Security Engineering (INFR11208/11228, 72 students), University of Edinburgh, Spring 2024
  - Security Engineering — Third Edition (PDF)
  - Teaching Videos
- Network Security (3150530011021, 52 students), Wuhan University, Spring 2020
Assisting in Master’s Thesis Advising:
- Harita Lolla (2023-2024)

Professional Activities

Reviewer:

Great research is done with a shovel, not with tweezers

— Roger Needham