Why do Internet Devices Remain Vulnerable? A Survey with System Administrators

Proceedings 2023 Workshop on Measurements, Attacks, and Defenses for the Web Pub Date : 1900-01-01 DOI:10.14722/madweb.2023.23043

T. Bondar, Hala Assal, A. Abdou

{"title":"Why do Internet Devices Remain Vulnerable? A Survey with System Administrators","authors":"T. Bondar, Hala Assal, A. Abdou","doi":"10.14722/madweb.2023.23043","DOIUrl":null,"url":null,"abstract":"—In efforts to understand the reasons behind Internet-connected devices remaining vulnerable for a long time, previous literature analyzed the effectiveness of large-scale vul- nerability notiﬁcations on remediation rates. Herein we focus on the perspective of system administrators. Through an online sur- vey study with 89 system administrators worldwide, we investigate factors affecting their decisions to remediate or ignore a security vulnerability. We use Censys to ﬁnd servers with vulnerable public-facing services, extract the abuse contact information from WHOIS, and email an invitation to ﬁll out the survey. We found no evidence that awareness of the existence of a vulnerability affects remediation plans, which explains the consistently small remediation rates following notiﬁcation campaigns conducted in previous research. More interestingly, participants did not agree on a speciﬁc factor as the primary cause for lack of remediation. Many factors appeared roughly equally important, including backwards compatibility, technical knowledge, available resources, and motive to remediate.","PeriodicalId":205270,"journal":{"name":"Proceedings 2023 Workshop on Measurements, Attacks, and Defenses for the Web","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 2023 Workshop on Measurements, Attacks, and Defenses for the Web","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14722/madweb.2023.23043","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

—In efforts to understand the reasons behind Internet-connected devices remaining vulnerable for a long time, previous literature analyzed the effectiveness of large-scale vul- nerability notiﬁcations on remediation rates. Herein we focus on the perspective of system administrators. Through an online sur- vey study with 89 system administrators worldwide, we investigate factors affecting their decisions to remediate or ignore a security vulnerability. We use Censys to ﬁnd servers with vulnerable public-facing services, extract the abuse contact information from WHOIS, and email an invitation to ﬁll out the survey. We found no evidence that awareness of the existence of a vulnerability affects remediation plans, which explains the consistently small remediation rates following notiﬁcation campaigns conducted in previous research. More interestingly, participants did not agree on a speciﬁc factor as the primary cause for lack of remediation. Many factors appeared roughly equally important, including backwards compatibility, technical knowledge, available resources, and motive to remediate.

查看原文本刊更多论文

互联网设备为何易受攻击?系统管理员调查

为了理解互联网连接设备长期存在漏洞背后的原因，之前的文献分析了大规模漏洞通知对修复率的有效性。在这里，我们关注系统管理员的视角。通过对全球89位系统管理员的在线调查研究，我们调查了影响他们决定修复或忽略安全漏洞的因素。我们使用Censys查找具有易受攻击的面向公众服务的服务器，从WHOIS中提取滥用联系信息，并通过电子邮件邀请填写调查。我们没有发现任何证据表明意识到漏洞的存在会影响补救计划，这就解释了在之前的研究中，在通知活动之后，补救率一直很低。更有趣的是，参与者没有同意一个具体的因素是缺乏补救的主要原因。许多因素似乎同样重要，包括向后兼容性、技术知识、可用资源和修复的动机。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings 2023 Workshop on Measurements, Attacks, and Defenses for the Web

自引率

0.00%

发文量