Maass, Max ; Pridöhl, Henning ; Herrmann, Dominik ; Hollick, Matthias (2021)
Best Practices for Notification Studies for Security and Privacy Issues on the Internet.
ARES 2021: The 16th International Conference on Availability, Reliability and Security. Vienna, Austria (17.-20.08.2021)
doi: 10.1145/3465481.3470081
Konferenzveröffentlichung, Bibliographie
Dies ist die neueste Version dieses Eintrags.
Kurzbeschreibung (Abstract)
Researchers help operators of vulnerable and non-compliant internet services by individually notifying them about security and privacy issues uncovered in their research. To improve efficiency and effectiveness of such efforts, dedicated notification studies are imperative. As of today, there is no comprehensive documentation of pitfalls and best practices for conducting such notification studies, which limits validity of results and impedes reproducibility. Drawing on our experience with such studies and guidance from related work, we present a set of guidelines and practical recommendations, including initial data collection, sending of notifications, interacting with the recipients, and publishing the results. We note that future studies can especially benefit from extensive planning and automation of crucial processes, i. e., activities that take place well before the first notifications are sent.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2021 |
| Autor(en): | Maass, Max ; Pridöhl, Henning ; Herrmann, Dominik ; Hollick, Matthias |
| Art des Eintrags: | Bibliographie |
| Titel: | Best Practices for Notification Studies for Security and Privacy Issues on the Internet |
| Sprache: | Englisch |
| Publikationsjahr: | 2021 |
| Ort: | Darmstadt |
| Verlag: | Association for Computing Machinery |
| Buchtitel: | The 16th International Conference on Availability, Reliability and Security |
| Kollation: | 10 Seiten |
| Veranstaltungstitel: | ARES 2021: The 16th International Conference on Availability, Reliability and Security |
| Veranstaltungsort: | Vienna, Austria |
| Veranstaltungsdatum: | 17.-20.08.2021 |
| DOI: | 10.1145/3465481.3470081 |
| Zugehörige Links: | |
| Kurzbeschreibung (Abstract): | Researchers help operators of vulnerable and non-compliant internet services by individually notifying them about security and privacy issues uncovered in their research. To improve efficiency and effectiveness of such efforts, dedicated notification studies are imperative. As of today, there is no comprehensive documentation of pitfalls and best practices for conducting such notification studies, which limits validity of results and impedes reproducibility. Drawing on our experience with such studies and guidance from related work, we present a set of guidelines and practical recommendations, including initial data collection, sending of notifications, interacting with the recipients, and publishing the results. We note that future studies can especially benefit from extensive planning and automation of crucial processes, i. e., activities that take place well before the first notifications are sent. |
| Sachgruppe der Dewey Dezimalklassifikatin (DDC): | 000 Allgemeines, Informatik, Informationswissenschaft > 004 Informatik |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Sichere Mobile Netze |
| Hinterlegungsdatum: | 02 Jul 2024 23:13 |
| Letzte Änderung: | 02 Jul 2024 23:13 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
Verfügbare Versionen dieses Eintrags
-
Best Practices for Notification Studies for Security and Privacy Issues on the Internet. (deposited 29 Jul 2022 13:15)
- Best Practices for Notification Studies for Security and Privacy Issues on the Internet. (deposited 02 Jul 2024 23:13) [Gegenwärtig angezeigt]
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum