Maass, Max ; Pridöhl, Henning ; Herrmann, Dominik ; Hollick, Matthias (2022):
Best Practices for Notification Studies for Security and Privacy Issues on the Internet. (Postprint)
In: The 16th International Conference on Availability, Reliability and Security,
Darmstadt, Association for Computing Machinery, ARES 2021: The 16th International Conference on Availability, Reliability and Security, Vienna, Austria, 17.-20.08.2021, ISBN 978-1-4503-9051-4,
DOI: 10.26083/tuprints-00021773,
[Conference or Workshop Item]
Abstract
Researchers help operators of vulnerable and non-compliant internet services by individually notifying them about security and privacy issues uncovered in their research. To improve efficiency and effectiveness of such efforts, dedicated notification studies are imperative. As of today, there is no comprehensive documentation of pitfalls and best practices for conducting such notification studies, which limits validity of results and impedes reproducibility. Drawing on our experience with such studies and guidance from related work, we present a set of guidelines and practical recommendations, including initial data collection, sending of notifications, interacting with the recipients, and publishing the results. We note that future studies can especially benefit from extensive planning and automation of crucial processes, i. e., activities that take place well before the first notifications are sent.
| Item Type: | Conference or Workshop Item |
|---|---|
| Erschienen: | 2022 |
| Creators: | Maass, Max ; Pridöhl, Henning ; Herrmann, Dominik ; Hollick, Matthias |
| Origin: | Secondary publication service |
| Status: | Postprint |
| Title: | Best Practices for Notification Studies for Security and Privacy Issues on the Internet |
| Language: | English |
| Abstract: | Researchers help operators of vulnerable and non-compliant internet services by individually notifying them about security and privacy issues uncovered in their research. To improve efficiency and effectiveness of such efforts, dedicated notification studies are imperative. As of today, there is no comprehensive documentation of pitfalls and best practices for conducting such notification studies, which limits validity of results and impedes reproducibility. Drawing on our experience with such studies and guidance from related work, we present a set of guidelines and practical recommendations, including initial data collection, sending of notifications, interacting with the recipients, and publishing the results. We note that future studies can especially benefit from extensive planning and automation of crucial processes, i. e., activities that take place well before the first notifications are sent. |
| Book Title: | The 16th International Conference on Availability, Reliability and Security |
| Place of Publication: | Darmstadt |
| Publisher: | Association for Computing Machinery |
| ISBN: | 978-1-4503-9051-4 |
| Collation: | 10 Seiten |
| Divisions: | 20 Department of Computer Science 20 Department of Computer Science > Sichere Mobile Netze |
| Event Title: | ARES 2021: The 16th International Conference on Availability, Reliability and Security |
| Event Location: | Vienna, Austria |
| Event Dates: | 17.-20.08.2021 |
| Date Deposited: | 29 Jul 2022 13:15 |
| DOI: | 10.26083/tuprints-00021773 |
| URL / URN: | https://tuprints.ulb.tu-darmstadt.de/21773 |
| URN: | urn:nbn:de:tuda-tuprints-217730 |
| PPN: | |
| Corresponding Links: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Send an inquiry |
Options (only for editors)
 |
Show editorial Details |
Drucken
Impressum