---
_id: '62738'
abstract:
- lang: eng
text: 'Vulnerability disclosures are necessary to improve the security of our digital
ecosystem. However, they can also be challenging for researchers: it may be hard
to find out who the affected parties even are, or how to contact them. Researchers
may be ignored or face adversity when disclosing vulnerabilities. We investigate
researchers'' experiences with vulnerability disclosures, extract best practices,
and make recommendations for researchers, institutions that employ them, industry,
and regulators to enable effective vulnerability disclosures.'
author:
- first_name: Harshini
full_name: Sri Ramulu, Harshini
id: '99000'
last_name: Sri Ramulu
orcid: 0000-0002-0000-5843
- first_name: Anna Lena
full_name: Rotthaler, Anna Lena
id: '97843'
last_name: Rotthaler
- first_name: Jost
full_name: Rossel, Jost
id: '58331'
last_name: Rossel
orcid: 0000-0002-3182-4059
- first_name: Rachel
full_name: Gonzalez Rodriguez, Rachel
last_name: Gonzalez Rodriguez
- first_name: Dominik
full_name: Wermke, Dominik
last_name: Wermke
- first_name: Sascha
full_name: Fahl, Sascha
last_name: Fahl
- first_name: Tadayoshi
full_name: Kohno, Tadayoshi
last_name: Kohno
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
- first_name: Yasemin
full_name: Acar, Yasemin
id: '94636'
last_name: Acar
citation:
ama: 'Sri Ramulu H, Rotthaler AL, Rossel J, et al. Poster: Computer Security Researchers’
Experiences with Vulnerability Disclosures. In: Proceedings of the 2025 ACM
SIGSAC Conference on Computer and Communications Security. ACM; 2025. doi:10.1145/3719027.3760723'
apa: 'Sri Ramulu, H., Rotthaler, A. L., Rossel, J., Gonzalez Rodriguez, R., Wermke,
D., Fahl, S., Kohno, T., Somorovsky, J., & Acar, Y. (2025). Poster: Computer
Security Researchers’ Experiences with Vulnerability Disclosures. Proceedings
of the 2025 ACM SIGSAC Conference on Computer and Communications Security.
https://doi.org/10.1145/3719027.3760723'
bibtex: '@inproceedings{Sri Ramulu_Rotthaler_Rossel_Gonzalez Rodriguez_Wermke_Fahl_Kohno_Somorovsky_Acar_2025,
title={Poster: Computer Security Researchers’ Experiences with Vulnerability Disclosures},
DOI={10.1145/3719027.3760723},
booktitle={Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications
Security}, publisher={ACM}, author={Sri Ramulu, Harshini and Rotthaler, Anna Lena
and Rossel, Jost and Gonzalez Rodriguez, Rachel and Wermke, Dominik and Fahl,
Sascha and Kohno, Tadayoshi and Somorovsky, Juraj and Acar, Yasemin}, year={2025}
}'
chicago: 'Sri Ramulu, Harshini, Anna Lena Rotthaler, Jost Rossel, Rachel Gonzalez
Rodriguez, Dominik Wermke, Sascha Fahl, Tadayoshi Kohno, Juraj Somorovsky, and
Yasemin Acar. “Poster: Computer Security Researchers’ Experiences with Vulnerability
Disclosures.” In Proceedings of the 2025 ACM SIGSAC Conference on Computer
and Communications Security. ACM, 2025. https://doi.org/10.1145/3719027.3760723.'
ieee: 'H. Sri Ramulu et al., “Poster: Computer Security Researchers’ Experiences
with Vulnerability Disclosures,” 2025, doi: 10.1145/3719027.3760723.'
mla: 'Sri Ramulu, Harshini, et al. “Poster: Computer Security Researchers’ Experiences
with Vulnerability Disclosures.” Proceedings of the 2025 ACM SIGSAC Conference
on Computer and Communications Security, ACM, 2025, doi:10.1145/3719027.3760723.'
short: 'H. Sri Ramulu, A.L. Rotthaler, J. Rossel, R. Gonzalez Rodriguez, D. Wermke,
S. Fahl, T. Kohno, J. Somorovsky, Y. Acar, in: Proceedings of the 2025 ACM SIGSAC
Conference on Computer and Communications Security, ACM, 2025.'
conference:
end_date: 2025-10-17
start_date: 2025-10-13
date_created: 2025-12-02T08:48:00Z
date_updated: 2025-12-02T08:54:18Z
doi: 10.1145/3719027.3760723
keyword:
- software vulnerabilities
- vulnerability disclosure
- security research
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://dl.acm.org/doi/10.1145/3719027.3760723
oa: '1'
publication: Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications
Security
publication_status: published
publisher: ACM
status: public
title: 'Poster: Computer Security Researchers'' Experiences with Vulnerability Disclosures'
type: conference
user_id: '58331'
year: '2025'
...
---
_id: '45984'
author:
- first_name: Mannat
full_name: Kaur, Mannat
last_name: Kaur
- first_name: Harshini
full_name: Sri Ramulu, Harshini
id: '99000'
last_name: Sri Ramulu
orcid: 0000-0002-0000-5843
- first_name: Yasemin
full_name: Acar, Yasemin
last_name: Acar
- first_name: Tobias
full_name: Fiebig, Tobias
last_name: Fiebig
citation:
ama: 'Kaur M, Sri Ramulu H, Acar Y, Fiebig T. “Oh yes! over-preparing for meetings
is my jam :)”: The Gendered Experiences of System Administrators. Proc ACM
Hum Comput Interact. 2023;7(CSCW1):1–38. doi:10.1145/3579617'
apa: 'Kaur, M., Sri Ramulu, H., Acar, Y., & Fiebig, T. (2023). “Oh yes! over-preparing
for meetings is my jam :)”: The Gendered Experiences of System Administrators.
Proc. ACM Hum. Comput. Interact., 7(CSCW1), 1–38. https://doi.org/10.1145/3579617'
bibtex: '@article{Kaur_Sri Ramulu_Acar_Fiebig_2023, title={“Oh yes! over-preparing
for meetings is my jam :)”: The Gendered Experiences of System Administrators},
volume={7}, DOI={10.1145/3579617},
number={CSCW1}, journal={Proc. ACM Hum. Comput. Interact.}, author={Kaur, Mannat
and Sri Ramulu, Harshini and Acar, Yasemin and Fiebig, Tobias}, year={2023}, pages={1–38}
}'
chicago: 'Kaur, Mannat, Harshini Sri Ramulu, Yasemin Acar, and Tobias Fiebig. “‘Oh
Yes! Over-Preparing for Meetings Is My Jam :)’: The Gendered Experiences of System
Administrators.” Proc. ACM Hum. Comput. Interact. 7, no. CSCW1 (2023):
1–38. https://doi.org/10.1145/3579617.'
ieee: 'M. Kaur, H. Sri Ramulu, Y. Acar, and T. Fiebig, “‘Oh yes! over-preparing
for meetings is my jam :)’: The Gendered Experiences of System Administrators,”
Proc. ACM Hum. Comput. Interact., vol. 7, no. CSCW1, pp. 1–38, 2023, doi:
10.1145/3579617.'
mla: 'Kaur, Mannat, et al. “‘Oh Yes! Over-Preparing for Meetings Is My Jam :)’:
The Gendered Experiences of System Administrators.” Proc. ACM Hum. Comput.
Interact., vol. 7, no. CSCW1, 2023, pp. 1–38, doi:10.1145/3579617.'
short: M. Kaur, H. Sri Ramulu, Y. Acar, T. Fiebig, Proc. ACM Hum. Comput. Interact.
7 (2023) 1–38.
date_created: 2023-07-11T06:23:54Z
date_updated: 2024-04-09T07:19:23Z
doi: 10.1145/3579617
intvolume: ' 7'
issue: CSCW1
language:
- iso: eng
page: 1–38
publication: Proc. ACM Hum. Comput. Interact.
status: public
title: '"Oh yes! over-preparing for meetings is my jam :)": The Gendered Experiences
of System Administrators'
type: journal_article
user_id: '15458'
volume: 7
year: '2023'
...
---
_id: '47304'
author:
- first_name: Dominik
full_name: Wermke, Dominik
last_name: Wermke
- first_name: Jan H.
full_name: Klemmer, Jan H.
last_name: Klemmer
- first_name: Noah
full_name: Wöhler, Noah
last_name: Wöhler
- first_name: Juliane
full_name: Schmüser, Juliane
last_name: Schmüser
- first_name: Harshini
full_name: Sri Ramulu, Harshini
id: '99000'
last_name: Sri Ramulu
orcid: 0000-0002-0000-5843
- first_name: Yasemin
full_name: Acar, Yasemin
id: '94636'
last_name: Acar
- first_name: Sascha
full_name: Fahl, Sascha
last_name: Fahl
citation:
ama: 'Wermke D, Klemmer JH, Wöhler N, et al. “Always Contribute Back”: A Qualitative
Study on Security Challenges of the Open Source Supply Chain. In: 44th IEEE
Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25,
2023. IEEE; 2023:1545–1560. doi:10.1109/SP46215.2023.10179378'
apa: 'Wermke, D., Klemmer, J. H., Wöhler, N., Schmüser, J., Sri Ramulu, H., Acar,
Y., & Fahl, S. (2023). “Always Contribute Back”: A Qualitative Study on Security
Challenges of the Open Source Supply Chain. 44th IEEE Symposium on Security
and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023, 1545–1560.
https://doi.org/10.1109/SP46215.2023.10179378'
bibtex: '@inproceedings{Wermke_Klemmer_Wöhler_Schmüser_Sri Ramulu_Acar_Fahl_2023,
title={“Always Contribute Back”: A Qualitative Study on Security Challenges of
the Open Source Supply Chain}, DOI={10.1109/SP46215.2023.10179378},
booktitle={44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco,
CA, USA, May 21-25, 2023}, publisher={IEEE}, author={Wermke, Dominik and Klemmer,
Jan H. and Wöhler, Noah and Schmüser, Juliane and Sri Ramulu, Harshini and Acar,
Yasemin and Fahl, Sascha}, year={2023}, pages={1545–1560} }'
chicago: 'Wermke, Dominik, Jan H. Klemmer, Noah Wöhler, Juliane Schmüser, Harshini
Sri Ramulu, Yasemin Acar, and Sascha Fahl. “‘Always Contribute Back’: A Qualitative
Study on Security Challenges of the Open Source Supply Chain.” In 44th IEEE
Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25,
2023, 1545–1560. IEEE, 2023. https://doi.org/10.1109/SP46215.2023.10179378.'
ieee: 'D. Wermke et al., “‘Always Contribute Back’: A Qualitative Study on
Security Challenges of the Open Source Supply Chain,” in 44th IEEE Symposium
on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023,
2023, pp. 1545–1560, doi: 10.1109/SP46215.2023.10179378.'
mla: 'Wermke, Dominik, et al. “‘Always Contribute Back’: A Qualitative Study on
Security Challenges of the Open Source Supply Chain.” 44th IEEE Symposium on
Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023, IEEE,
2023, pp. 1545–1560, doi:10.1109/SP46215.2023.10179378.'
short: 'D. Wermke, J.H. Klemmer, N. Wöhler, J. Schmüser, H. Sri Ramulu, Y. Acar,
S. Fahl, in: 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco,
CA, USA, May 21-25, 2023, IEEE, 2023, pp. 1545–1560.'
date_created: 2023-09-22T13:28:42Z
date_updated: 2024-06-05T12:37:40Z
department:
- _id: '34'
- _id: '858'
doi: 10.1109/SP46215.2023.10179378
language:
- iso: eng
page: 1545–1560
publication: 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco,
CA, USA, May 21-25, 2023
publisher: IEEE
status: public
title: '"Always Contribute Back": A Qualitative Study on Security Challenges of the
Open Source Supply Chain'
type: conference
user_id: '14931'
year: '2023'
...
---
_id: '47312'
author:
- first_name: Lorenzo
full_name: Neil, Lorenzo
last_name: Neil
- first_name: Harshini
full_name: Sri Ramulu, Harshini
id: '99000'
last_name: Sri Ramulu
orcid: 0000-0002-0000-5843
- first_name: Yasemin
full_name: Acar, Yasemin
id: '94636'
last_name: Acar
- first_name: Bradley
full_name: Reaves, Bradley
last_name: Reaves
citation:
ama: 'Neil L, Sri Ramulu H, Acar Y, Reaves B. Who Comes Up with this Stuff? Interviewing
Authors to Understand How They Produce Security Advice. In: Nineteenth Symposium
on Usable Privacy and Security, SOUPS 2023, Anaheim, CA, USA, August 5-7, 2023.
USENIX Association; 2023:283–299.'
apa: Neil, L., Sri Ramulu, H., Acar, Y., & Reaves, B. (2023). Who Comes Up with
this Stuff? Interviewing Authors to Understand How They Produce Security Advice.
Nineteenth Symposium on Usable Privacy and Security, SOUPS 2023, Anaheim, CA,
USA, August 5-7, 2023, 283–299.
bibtex: '@inproceedings{Neil_Sri Ramulu_Acar_Reaves_2023, title={Who Comes Up with
this Stuff? Interviewing Authors to Understand How They Produce Security Advice},
booktitle={Nineteenth Symposium on Usable Privacy and Security, SOUPS 2023, Anaheim,
CA, USA, August 5-7, 2023}, publisher={USENIX Association}, author={Neil, Lorenzo
and Sri Ramulu, Harshini and Acar, Yasemin and Reaves, Bradley}, year={2023},
pages={283–299} }'
chicago: Neil, Lorenzo, Harshini Sri Ramulu, Yasemin Acar, and Bradley Reaves. “Who
Comes Up with This Stuff? Interviewing Authors to Understand How They Produce
Security Advice.” In Nineteenth Symposium on Usable Privacy and Security, SOUPS
2023, Anaheim, CA, USA, August 5-7, 2023, 283–299. USENIX Association, 2023.
ieee: L. Neil, H. Sri Ramulu, Y. Acar, and B. Reaves, “Who Comes Up with this Stuff?
Interviewing Authors to Understand How They Produce Security Advice,” in Nineteenth
Symposium on Usable Privacy and Security, SOUPS 2023, Anaheim, CA, USA, August
5-7, 2023, 2023, pp. 283–299.
mla: Neil, Lorenzo, et al. “Who Comes Up with This Stuff? Interviewing Authors to
Understand How They Produce Security Advice.” Nineteenth Symposium on Usable
Privacy and Security, SOUPS 2023, Anaheim, CA, USA, August 5-7, 2023, USENIX
Association, 2023, pp. 283–299.
short: 'L. Neil, H. Sri Ramulu, Y. Acar, B. Reaves, in: Nineteenth Symposium on
Usable Privacy and Security, SOUPS 2023, Anaheim, CA, USA, August 5-7, 2023, USENIX
Association, 2023, pp. 283–299.'
date_created: 2023-09-22T13:45:47Z
date_updated: 2024-06-05T12:50:02Z
department:
- _id: '34'
- _id: '858'
language:
- iso: eng
page: 283–299
publication: Nineteenth Symposium on Usable Privacy and Security, SOUPS 2023, Anaheim,
CA, USA, August 5-7, 2023
publisher: USENIX Association
status: public
title: Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce
Security Advice
type: conference
user_id: '14931'
year: '2023'
...
---
_id: '53366'
author:
- first_name: Mindy
full_name: Tran, Mindy
id: '99001'
last_name: Tran
- first_name: Collins W
full_name: Munyendo, Collins W
last_name: Munyendo
- first_name: Harshini
full_name: Sri Ramulu, Harshini
id: '99000'
last_name: Sri Ramulu
orcid: 0000-0002-0000-5843
- first_name: Rachel Gonzalez
full_name: Rodriguez, Rachel Gonzalez
last_name: Rodriguez
- first_name: Luisa Ball
full_name: Schnell, Luisa Ball
last_name: Schnell
- first_name: Cora
full_name: Sula, Cora
last_name: Sula
- first_name: Lucy
full_name: Simko, Lucy
last_name: Simko
- first_name: Yasemin
full_name: Acar, Yasemin
id: '94636'
last_name: Acar
citation:
ama: 'Tran M, Munyendo CW, Sri Ramulu H, et al. Security, Privacy, and Data-sharing
Trade-offs When Moving to the United States: Insights from a Qualitative Study.
In: 2024 IEEE Symposium on Security and Privacy (SP). ; 2023:4–4.'
apa: 'Tran, M., Munyendo, C. W., Sri Ramulu, H., Rodriguez, R. G., Schnell, L. B.,
Sula, C., Simko, L., & Acar, Y. (2023). Security, Privacy, and Data-sharing
Trade-offs When Moving to the United States: Insights from a Qualitative Study.
2024 IEEE Symposium on Security and Privacy (SP), 4–4.'
bibtex: '@inproceedings{Tran_Munyendo_Sri Ramulu_Rodriguez_Schnell_Sula_Simko_Acar_2023,
title={Security, Privacy, and Data-sharing Trade-offs When Moving to the United
States: Insights from a Qualitative Study}, booktitle={2024 IEEE Symposium on
Security and Privacy (SP)}, author={Tran, Mindy and Munyendo, Collins W and Sri
Ramulu, Harshini and Rodriguez, Rachel Gonzalez and Schnell, Luisa Ball and Sula,
Cora and Simko, Lucy and Acar, Yasemin}, year={2023}, pages={4–4} }'
chicago: 'Tran, Mindy, Collins W Munyendo, Harshini Sri Ramulu, Rachel Gonzalez
Rodriguez, Luisa Ball Schnell, Cora Sula, Lucy Simko, and Yasemin Acar. “Security,
Privacy, and Data-Sharing Trade-Offs When Moving to the United States: Insights
from a Qualitative Study.” In 2024 IEEE Symposium on Security and Privacy (SP),
4–4, 2023.'
ieee: 'M. Tran et al., “Security, Privacy, and Data-sharing Trade-offs When
Moving to the United States: Insights from a Qualitative Study,” in 2024 IEEE
Symposium on Security and Privacy (SP), 2023, pp. 4–4.'
mla: 'Tran, Mindy, et al. “Security, Privacy, and Data-Sharing Trade-Offs When Moving
to the United States: Insights from a Qualitative Study.” 2024 IEEE Symposium
on Security and Privacy (SP), 2023, pp. 4–4.'
short: 'M. Tran, C.W. Munyendo, H. Sri Ramulu, R.G. Rodriguez, L.B. Schnell, C.
Sula, L. Simko, Y. Acar, in: 2024 IEEE Symposium on Security and Privacy (SP),
2023, pp. 4–4.'
date_created: 2024-04-09T07:11:01Z
date_updated: 2024-06-05T13:52:39Z
department:
- _id: '858'
language:
- iso: eng
page: 4–4
publication: 2024 IEEE Symposium on Security and Privacy (SP)
status: public
title: 'Security, Privacy, and Data-sharing Trade-offs When Moving to the United States:
Insights from a Qualitative Study'
type: conference
user_id: '14931'
year: '2023'
...
---
_id: '53352'
author:
- first_name: Lucy
full_name: Simko, Lucy
last_name: Simko
- first_name: Harshini
full_name: Sri Ramulu, Harshini
id: '99000'
last_name: Sri Ramulu
orcid: 0000-0002-0000-5843
- first_name: Tadayoshi
full_name: Kohno, Tadayoshi
last_name: Kohno
- first_name: Yasemin
full_name: Acar, Yasemin
id: '94636'
last_name: Acar
citation:
ama: Simko L, Sri Ramulu H, Kohno T, Acar Y. The Use and Non-Use of Technology During
Hurricanes. Proc ACM Hum Comput Interact. 2023;7(CSCW2):1–54. doi:10.1145/3610215
apa: Simko, L., Sri Ramulu, H., Kohno, T., & Acar, Y. (2023). The Use and Non-Use
of Technology During Hurricanes. Proc. ACM Hum. Comput. Interact., 7(CSCW2),
1–54. https://doi.org/10.1145/3610215
bibtex: '@article{Simko_Sri Ramulu_Kohno_Acar_2023, title={The Use and Non-Use of
Technology During Hurricanes}, volume={7}, DOI={10.1145/3610215},
number={CSCW2}, journal={Proc. ACM Hum. Comput. Interact.}, author={Simko, Lucy
and Sri Ramulu, Harshini and Kohno, Tadayoshi and Acar, Yasemin}, year={2023},
pages={1–54} }'
chicago: 'Simko, Lucy, Harshini Sri Ramulu, Tadayoshi Kohno, and Yasemin Acar. “The
Use and Non-Use of Technology During Hurricanes.” Proc. ACM Hum. Comput. Interact.
7, no. CSCW2 (2023): 1–54. https://doi.org/10.1145/3610215.'
ieee: 'L. Simko, H. Sri Ramulu, T. Kohno, and Y. Acar, “The Use and Non-Use of Technology
During Hurricanes,” Proc. ACM Hum. Comput. Interact., vol. 7, no. CSCW2,
pp. 1–54, 2023, doi: 10.1145/3610215.'
mla: Simko, Lucy, et al. “The Use and Non-Use of Technology During Hurricanes.”
Proc. ACM Hum. Comput. Interact., vol. 7, no. CSCW2, 2023, pp. 1–54, doi:10.1145/3610215.
short: L. Simko, H. Sri Ramulu, T. Kohno, Y. Acar, Proc. ACM Hum. Comput. Interact.
7 (2023) 1–54.
date_created: 2024-04-08T09:22:02Z
date_updated: 2024-06-05T13:53:38Z
department:
- _id: '858'
doi: 10.1145/3610215
intvolume: ' 7'
issue: CSCW2
language:
- iso: eng
page: 1–54
publication: Proc. ACM Hum. Comput. Interact.
status: public
title: The Use and Non-Use of Technology During Hurricanes
type: journal_article
user_id: '14931'
volume: 7
year: '2023'
...