Auf der Konferenz Human Factors in Computing Systems (CHI 2022) in New Orleans wurde ein Forschungspaper vorgestellt, welches beschreibt, wie im Rahmen von INSPECTION die Betroffenen eines Hackings in einer Weise angeschrieben werden können, die diese auch erreicht.
Der Konferenzbeitrag beschreibt eine Interview-Studie mit deutschen Website-Besitzer:innen, bei der Wege zur effektiven Schwachstellen-Benachrichtigung identifiziert wurden.
Abstract: Running a business without having a website is nearly impossible nowadays. Most business owners use content managements systems to manage their websites. Yet, those can pose security risks and provide vulnerabilities for manipulations. With vulnerability notifications, website owners are notified about security risks. To identify common themes with respect to vulnerability notifications and provide deeper insight into the motivations of website owners to react to those notifications, we conducted 25 semi-structured interviews. In compliance with previous research, we could confirm that distrust in unexpected notifications is high and, in contrast to previous research, we suggest that verification possibilities are the most important factors to establish trust in notifications. We also endorse the findings that raising awareness for the severity and the complexity of the problems is crucial to increase remediation rates.