Tell Me You Fixed It: Evaluating Vulnerability Notifications via Quarantine Networks

  title={Tell Me You Fixed It: Evaluating Vulnerability Notifications via Quarantine Networks},
  author={Orçun Çetin and Carlos Ga{\~n}{\'a}n and L. Altena and Samaneh Tajalizadehkhoob and M. Eeten},
  journal={2019 IEEE European Symposium on Security and Privacy (EuroS&P)},
Mechanisms for large-scale vulnerability notifications have been confronted with disappointing remediation rates. It has proven difficult to reach the relevant party and, once reached, to incentivize them to act. We present the first empirical study of a potentially more effective mechanism: quarantining the vulnerable resource until it is remediated. We have measured the remediation rates achieved by a medium-sized ISP for 1, 688 retail customers running open DNS resolvers or Multicast DNS… Expand
2 Citations
Remedying Security Concerns at an Internet Scale
  • F. Li
  • Computer Science
  • 2019
  • PDF
Effective Notification Campaigns on the Web: A Matter of Trust, Framing, and Support
  • Highly Influenced
  • PDF


You've Got Vulnerability: Exploring Effective Vulnerability Notifications
  • 64
  • Highly Influential
  • PDF
Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification
  • 48
  • PDF
Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications
  • 28
  • PDF
Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension
  • 37
  • PDF
Let Me Out! Evaluating the Effectiveness of Quarantining Compromised Users in Walled Gardens
  • 8
  • PDF
Exit from Hell? Reducing the Impact of Amplification DDoS Attacks
  • 154
  • Highly Influential
  • PDF
Do Malware Reports Expedite Cleanup? An Experimental Study
  • 29
  • PDF
Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai
  • 20
  • PDF
Understanding the Role of Sender Reputation in Abuse Reporting and Cleanup
  • 34
  • PDF