Tamara Bondar, Hala Assal, AbdelRahman Abdou (Carleton University)

In efforts to understand the reasons behind Internet-connected devices remaining vulnerable for a long time, previous literature analyzed the effectiveness of large-scale vulnerability notifications on remediation rates. Herein we focus on the perspective of system administrators. Through an online survey study with 89 system administrators worldwide, we investigate factors affecting their decisions to remediate or ignore a security vulnerability. We use Censys to find servers with vulnerable public-facing services, extract the abuse contact information from WHOIS, and email an invitation to fill out the survey. We found no evidence that awareness of the existence of a vulnerability affects remediation plans, which explains the consistently small remediation rates following notification campaigns conducted in previous research. More interestingly, participants did not agree on a specific factor as the primary cause for lack of remediation. Many factors appeared roughly equally important, including backwards compatibility, technical knowledge, available resources, and motive to remediate.

View More Papers

Non-Interactive Privacy-Preserving Sybil-Free Authentication Scheme in VANETs

Mahdi Akil (Karlstad University), Leonardo Martucci (Karlstad University), Jaap-Henk Hoepman (Radboud University)

Read More

“I didn't click”: What users say when reporting phishing

Nikolas Pilavakis, Adam Jenkins, Nadin Kokciyan, Kami Vaniea (University of Edinburgh)

Read More

Position Paper: Space System Threat Models Must Account for...

Benjamin Cyr and Yan Long (University of Michigan), Takeshi Sugawara (The University of Electro-Communications), Kevin Fu (Northeastern University)

Read More

Detection and Resolution of Control Decision Anomalies

Prof. Kang Shin (Kevin and Nancy O'Connor Professor of Computer Science, and the Founding Director of the Real-Time Computing Laboratory (RTCL) in the Electrical Engineering and Computer Science Department at the University of Michigan)

Read More