Security Research Legal Defense Fund Appoints Casey John Ellis and Jen Ellis to Board

Fund expands leadership as it enters next phase of growth

WASHINGTON, D.C. — March 18, 2026 — The nonprofit Security Research Legal Defense Fund (SRLDF) today announced the appointment of Casey John Ellis and Jen Ellis to its board. Their addition strengthens the Fund’s mission to protect and empower the global cybersecurity research community.

Why This Matters

Security researchers who discover and responsibly disclose security vulnerabilities are essential to the cyber resilience of the systems the world relies on. Yet researchers regularly face prosecution, civil suits, and legal intimidation for work conducted in good faith. The SRLDF was established in 2023 as a 501(c)(3) nonprofit to ensure researchers have the legal support and protection they need. Its current board members are Kurt Opsahl, Jim Dempsey, and Harley Geiger.

The SRLDF aims to expand its reach into the security research community and carry forward a strong message that those conducting good faith security research are not alone or unappreciated in their efforts. These new board appointments bring decades of frontline experience in security research, policy, and community advocacy, deepening the SRLDF’s capacity to identify urgent cases, expand outreach to at-risk researchers worldwide, and guide grantmaking and legal support priorities.

Looking Back: The Fund’s First Chapter

Since its founding, the SRLDF has provided grants to researchers facing legal threats for responsible vulnerability disclosure. In 2025, the Fund awarded a $20,000 grant to three Maltese university students who were criminally charged, raided by armed police, and strip-searched after responsibly disclosing security flaws in a widely used student app. That case ended with a Presidential Pardon and Malta beginning to draft legislation to legalize ethical security research. The students subsequently shared their experience at a major security conference, putting a human face on the risks researchers take.

“We are honored to be joined by Casey and Jen on the board,” said SRLDF President Kurt Opsahl. “Their deep roots in the security research community and wealth of experience in protecting the right to research and disclosure will strengthen the SRLDF’s ability to defend the good-faith research that advances cybersecurity for the public interest.”

What’s Next

With an expanded board, the SRLDF is focused on four priorities:

  • Protect researchers. The SRLDF grants provide timely legal assistance and counsel to researchers facing prosecution, civil suits, or other legal threats arising from responsible vulnerability disclosure and security research.
  • Expand global reach. With Casey’s and Jen’s networks spanning industry, policy, and research communities across multiple continents, the Fund will better surface cases beyond the U.S., connect researchers to pro bono counsel, and amplify safe-harbor and legal-defense resources in jurisdictions where researchers are most vulnerable.
  • Advance policy and norms. Working with the SRLDF’s founding board members, the new appointees will develop strategic positions and strategies to shape policies and norms that distinguish good-faith security research from criminality, reduce the chilling effect that discourages coordinated disclosure, and support rehabilitation and positive pathways for early-career researchers.
  • Build community trust. The SRLDF will build and strengthen its role as a trusted, practitioner-led neutral resource — ensuring researchers have an accessible, well-resourced safety net when facing legal threats tied to responsible research.

About the New Board Members

Casey John Ellis is the founder of Bugcrowd and co-founder and president of disclose.io, the open-source vulnerability disclosure and safe harbor framework. A 25-year veteran of information security, he has advised the White House, the U.S. Department of Defense, the Department of Justice, and CISA on cybersecurity policy, and served as amicus curiae in the Van Buren v. United States Supreme Court case. He joins the SRLDF board focused on community advocacy and researcher outreach. “I’m honored to join the SRLDF board and to stand with researchers who advance public safety through their work,” said Casey John Ellis. “Ensuring legal protection for good-faith security research is essential to preserving the internet’s immune system.”

Jen Ellis is the founder of NextJenSecurity, a member of the boards of the CVE Program and the Center for Cybersecurity Policy and Law, and a fellow of both the Institute for Security and Technology and the Royal United Services Institute. She spent 11 years at security firm Rapid7, where as vice president of community and public affairs, she built the company’s security research advocacy program and shaped its coordinated vulnerability disclosure practices. She has briefed U.S. Congressional offices on the Computer Fraud and Abuse Act more than 150 times and serves on the UK Cabinet Office’s Government Cyber Advisory Board. She joins the SRLDF board as treasurer. “Researchers need practical legal support and stronger norms that protect good intent,” said Jen Ellis. “I look forward to helping the Fund grow its reach and impact, especially for researchers operating outside major jurisdictions.”

The SRLDF is a 501(c)(3) nonprofit dedicated to providing legal defense grants, counsel access, and advocacy for security researchers who face legal or regulatory action as a result of good-faith security research and disclosure. The Fund operates to preserve a safe, sustainable environment for security research globally. Learn more or support the Fund at srldf.org.