Computer Security Researchers’ Experiences with Vulnerability Disclosures

Harshini Sri Ramulu; Anna Lena Rotthaler; Jost Rossel; Rachel Gonzalez; Dominik Wermke; Sascha Fahl; Tadayoshi Kohno; Juraj Somorovsky; Yasemin Acar

Poster: Computer Security Researchers’ Experiences with Vulnerability Disclosures

Type:

Poster

Authors:

Harshini Sri Ramulu, Anna Lena Rotthaler, Jost Rossel, Rachel Gonzalez, Dominik Wermke, Sascha Fahl, Tadayoshi Kohno, Juraj Somorovsky, and Yasemin Acar.

Venue:

32nd ACM Conference on Computer and Communications Security (CCS)

Award:

Best Poster Award

Poster

Abstract

Vulnerability disclosures are necessary to improve the security of our digital ecosystem. However, they can also be challenging for researchers: it may be hard to find out who the affected parties even are, or how to contact them. Researchers may be ignored or face adversity when disclosing vulnerabilities. We investigate researchers’ experiences with vulnerability disclosures, extract best practices, and make recommendations for researchers, institutions that employ them, industry, and regulators to enable effective vulnerability disclosures.