Why do internet devices remain vulnerable? A survey with system administrators

T Bondar, H Assal, AR Abdou

A group led by Tamara Bondar at Carleton University (2023) reported on why internet devices remain vulnerable. The paper discusses the persistent lack of vulnerability remediation in systems and the reasons behind it. It notes a long tail of systems that remain on older software versions, which leaves them vulnerable, and it highlights the use of unique identifiers and severity ratings for vulnerabilities. The researchers surveyed system administrators to understand the reasons for the lack of remediation. Compatibility issues and third-party dependencies were found to be influential factors. The paper mentions the challenges of backporting and the purpose of responsible disclosure. The objective of the research is to better understand why network operators may be unable to address vulnerabilities. The survey included administrators with known vulnerabilities in their systems. The paper also mentions the use of Qualtrics for the survey and the selection of vulnerabilities with varying severity levels. It emphasizes the importance of compatibility and of decommissioning old systems. Participants discussed factors such as limited resources, technical knowledge, and internal company politics. Overall, the findings complement previous literature on vulnerability remediation.

89 system administrators were included in the analysis.

The researchers say their results reinforce previous work in this field: “System admins are requesting more information about the scans that identified vulnerable software versions and the tools and methodologies used to aid their investigations and remediation efforts,” Bondar said.

However, “The paper focuses on specific admins whose systems are vulnerable despite the availability of a remediation mechanism. The findings provide insights into the issues faced by these admins and aim to identify ways to support them,” say the investigators.

The authors advocate that the text ask for questions or concerns and offer the option to opt out of future studies.

Bondar, T., Assal, H., & Abdou, A. (2023). Why do internet devices remain vulnerable? A survey with system administrators. In Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb 2023). NDSS.

