TU Darmstadt / ULB / TUbiblio

Best Practices for Notification Studies for Security and Privacy Issues on the Internet

Maass, Max ; Pridöhl, Henning ; Herrmann, Dominik ; Hollick, Matthias (2021)
Best Practices for Notification Studies for Security and Privacy Issues on the Internet.
ARES 2021: The 16th International Conference on Availability, Reliability and Security. Vienna, Austria (17.-20.08.2021)
doi: 10.1145/3465481.3470081
Conference or Workshop Item, Bibliographie

This is the latest version of this item.

Abstract

Researchers help operators of vulnerable and non-compliant internet services by individually notifying them about security and privacy issues uncovered in their research. To improve efficiency and effectiveness of such efforts, dedicated notification studies are imperative. As of today, there is no comprehensive documentation of pitfalls and best practices for conducting such notification studies, which limits validity of results and impedes reproducibility. Drawing on our experience with such studies and guidance from related work, we present a set of guidelines and practical recommendations, including initial data collection, sending of notifications, interacting with the recipients, and publishing the results. We note that future studies can especially benefit from extensive planning and automation of crucial processes, i. e., activities that take place well before the first notifications are sent.

Item Type: Conference or Workshop Item
Erschienen: 2021
Creators: Maass, Max ; Pridöhl, Henning ; Herrmann, Dominik ; Hollick, Matthias
Type of entry: Bibliographie
Title: Best Practices for Notification Studies for Security and Privacy Issues on the Internet
Language: English
Date: 2021
Place of Publication: Darmstadt
Publisher: Association for Computing Machinery
Book Title: The 16th International Conference on Availability, Reliability and Security
Collation: 10 Seiten
Event Title: ARES 2021: The 16th International Conference on Availability, Reliability and Security
Event Location: Vienna, Austria
Event Dates: 17.-20.08.2021
DOI: 10.1145/3465481.3470081
Corresponding Links:
Abstract:

Researchers help operators of vulnerable and non-compliant internet services by individually notifying them about security and privacy issues uncovered in their research. To improve efficiency and effectiveness of such efforts, dedicated notification studies are imperative. As of today, there is no comprehensive documentation of pitfalls and best practices for conducting such notification studies, which limits validity of results and impedes reproducibility. Drawing on our experience with such studies and guidance from related work, we present a set of guidelines and practical recommendations, including initial data collection, sending of notifications, interacting with the recipients, and publishing the results. We note that future studies can especially benefit from extensive planning and automation of crucial processes, i. e., activities that take place well before the first notifications are sent.

Classification DDC: 000 Generalities, computers, information > 004 Computer science
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Sichere Mobile Netze
Date Deposited: 02 Jul 2024 23:13
Last Modified: 02 Jul 2024 23:13
PPN:
Export:
Suche nach Titel in: TUfind oder in Google

Available Versions of this Item

Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details