Coordinated Vulnerability Disclosure – What's the role of data protection officers?
- Type: Bachelor thesis
- Date: as soon as possible
- Supervisor:
- Add on: open
Background
Despite the growing importance of vulnerability management within the new EU regulations (esp. the NIS2 regulations) and the adoption of Coordinated Vulnerability Disclosure (CVD) practices in many other countries [1], the status quo of CVD programs at German companies remains largely unexplored. Within a current research collaboration, we investigate CVD processes in general, but also specifically within companies.
Objectives
The goal of the Bachelor thesis will be to reach out to Data Protection Officers (DPOs), either of the federal states or in companies, about reporting processes. The main goal of the thesis will be to explore whether DPOs can be addressed for reports on security vulnerabilities, as has already been done, for example, for privacy issues [2]. Questions should include whether security-related vulnerabilities have been reported to DPOs in the past, and whether, and under which circumstances, DPOs are or feel responsible for such reports. The students should develop a recruiting strategy and develop either a survey or an interview study.
[1] Y.S. Pil. 2023. The Way Forward for Security Vulnerability Disclosure Policy: Comparative Analysis of US, EU, and Netherlands. In: Lee, R. (eds) Big Data, Cloud Computing, and Data Science Engineering. BCD 2022. Studies in Computational Intelligence, vol 1075. Springer, Cham. https://doi.org/10.1007/978-3-031-19608-9_10
[2] A. Hennig, H. Dietmann, F. Lehr, M. Mutter, M. Volkamer, P. Mayer. 2022. “Your Cookie Disclaimer is Not in Line with the Ideas of the GDPR. Why?”. In: Clarke, N., Furnell, S. (eds) Human Aspects of Information Security and Assurance. HAISA 2022. IFIP Advances in Information and Communication Technology, vol 658. Springer, Cham. https://doi.org/10.1007/978-3-031-12172-2_17
Important information
Please visit https://secuso.aifb.kit.edu/121.php for our thesis guide and more information on our procedure.