Researchers help operators of vulnerable and non-compliant internet services by individually notifying them about security and privacy issues uncovered in their research. To improve the efficiency and effectiveness of such efforts, dedicated notification studies are imperative. As of today, there is no comprehensive documentation of pitfalls and best practices for conducting such notification studies, which limits the validity of results and impedes reproducibility. Drawing on our experience with such studies and guidance from related work, we present a set of guidelines and practical recommendations covering initial data collection, sending of notifications, interacting with the recipients, and publishing the results. We note that future studies can especially benefit from extensive planning and automation of crucial processes, i.e., activities that take place well before the first notifications are sent.