The April 2023 issue

This April 2023 issue contains one technical paper and four editorial notes.

The technical paper, Vulnerability Disclosure Considered Stressful, by Giovane C. M. Moura and colleagues, describes the authors’ experience running a Coordinated Vulnerability Disclosure (CVD) for the TSUNAME vulnerability. The process of Coordinated Vulnerability Disclosure (CVD) is widely viewed as the gold standard in the notification process that follows the discovery of a vulnerability, aiming at getting operators to patch their systems before attackers can do much harm. However, the task of setting up a CVD can be daunting because security researchers have too few guidelines and experience reports to rely on when they are faced with setting up their own process. This paper is helpful to our community as it may help anyone who may have to report vulnerabilities during their work.

Then, we have four editorial notes. In the first, Measuring Broadband America: A Retrospective on Origins, Achievements, and Challenges, Eric Burger and colleagues present a retrospective on the “Measuring Broadband America” program, run by the United States Federal Communications Commission (FCC), which continually measures and releases data on the performance of consumer broadband access networks in the US. In the second, Recent Trends on Privacy-Preserving Technologies under Standardization at the IETF, Pratyush Dikshit and colleagues present an overview of the privacy-preserving mechanisms for layer 3 (i.e. IP) and above that are currently under standardization at the IETF. The third editorial note, Report of 2021 DINRG Workshop on Centralization in the Internet, by Christian Huitema and colleagues, reports on the workshop on Centralization in the Internet hosted by the Internet Research Task Force (IRTF) Research Group on Decentralizing the Internet (DINRG), on June 3, 2021. The fourth editorial note, A Retrospective on Campus Network Traffic Monitoring, by Martin Arlitt and colleagues, shares some of the authors’ experiences about monitoring the traffic on their campus Internet link for about two decades.

I hope that you will enjoy reading this new issue and welcome comments and suggestions on CCR Online (https://ccronline.sigcomm.org) or by email at ccr-editor at sigcomm.org.