Rishika Thorat (Purdue University), Tatiana Ringenberg (Purdue University)

AI-assisted cybersecurity policy development has the potential to reduce organizational burdens while improving compliance. This study examines how cybersecurity students and professionals develop ISO29147-aligned vulnerability disclosure policies (VDPs) with and without AI. Through this project, we will evaluate compliance, ethical accountability, and transparency of the policies through the lens of Kaspersky’s ethical principles.

Both students and professionals will produce policies manually and with AI, reflecting on utility and reliability. We will analyze resulting policies, prompts, and reflections through regulatory mapping, rubric-based evaluations, and thematic analysis. This project aims to inform educational strategies and industry best practices for integrating AI in cybersecurity policy development, focusing on expertise, collaboration, and ethical considerations.

We invite feedback from the Usable Security and Privacy community on participant recruitment, evaluation criteria, ethical frameworks, and ways to maximize the study’s impact on academia and industry.

View More Papers

Be Careful of What You Embed: Demystifying OLE Vulnerabilities

Yunpeng Tian (Huazhong University of Science and Technology), Feng Dong (Huazhong University of Science and Technology), Haoyi Liu (Huazhong University of Science and Technology), Meng Xu (University of Waterloo), Zhiniang Peng (Huazhong University of Science and Technology; Sangfor Technologies Inc.), Zesen Ye (Sangfor Technologies Inc.), Shenghui Li (Huazhong University of Science and Technology), Xiapu Luo…

Read More

SoK: A Proposal for Incorporating Gamified Cybersecurity Awareness in...

June De La Cruz (INSPIRIT Lab, University of Denver), Sanchari Das (INSPIRIT Lab, University of Denver)

Read More

FUZZUER: Enabling Fuzzing of UEFI Interfaces on EDK-2

Connor Glosner (Purdue University), Aravind Machiry (Purdue University)

Read More