Collegium Helveticum
Fellow Project 2023–2024

Understanding the Real-Life Impacts of Security Break

Security breaks are exploitable security/privacy vulnerabilities that are uncovered by researchers who are analyzing a system. Claims of security breaks in the research literature are technically correct and peer-reviewed. However, practitioners and decision-makers need to decide what remedial action, if any, is warranted. Sometimes, claimed total breaks had no discernible practical impact: the affected systems continued to be used for years after the initial break announcements and were only gradually replaced. This, for instance, happened in the 1990s when vulnerabilities were discovered in cryptographic algorithms that nonetheless remained in use in 2G mobile communication systems.

Widespread negative perception from well-publicized breaks can also lead to a substantial opportunity cost. Industry decision-makers may be tempted to prematurely pull technologies from deployment. Moreover, students and starting researchers may shy away from a particular technology that was subject to claimed security breaks because they perceive it as too risky.

Can we assess the realistic real-life impact of claimed security breaks? And if so, how? To begin this conversation, Asokan will arrange a half-day workshop during his fellowship at the Collegium, bringing together cybersecurity experts, industry practitioners, and economists.