Towards Multi-Stakeholder Vulnerability Notifications in the Ad-Tech Supply Chain

Computer Science > Cryptography and Security [Submitted on 11 Jun 2024 (v1), last revised 2 Apr 2026 (this version, v2)] Towards Multi-Stakeholder Vulnerability Notifications in the Ad-Tech Supply Chain Yash Vekaria (1), Rishab Nithyanand (2), Zubair Shafiq (1) ((1) University of California, Davis, (2) University of Iowa) Online advertising relies on a complex and opaque supply chain that involves multiple stakeholders, including advertisers, publishers, and ad-networks, each with distinct and sometimes conflicting incentives. Recent research has demonstrated the existence of ad-tech supply chain vulnerabilities such as dark pooling, where low-quality publishers bundle their ad inventory with higher-quality ones to mislead advertisers. We investigate the effectiveness of vulnerability notification campaigns aimed at mitigating dark pooling. Prior research on vulnerability notifications have primarily explored single-stakeholder contexts, leaving multi-stakeholder scenarios understudied. There is limited attention to complex multi-stakeholder supply chain ecosystems such as ad-tech supply chain, where resolving vulnerabilities often requires coordinated action across entities with misaligned incentives and interdependent roles. We address this gap by implementing the first online advertising supply chain vulnerability notification pipeline to systematically evaluate the responsiveness of various stakeholders in ad-tech supply chain, including publishers, ad-networks, and advertisers to vulnerability notifications by academics and activists. Our nine-month long automated multi-stakeholder notification study shows that notifications are an effective method for reducing dark pooling vulnerabilities in the online advertising ecosystem, especially when targeted towards ad-networks. Further, the sender reputation does not impact responses to notifications from activists and academics in a statistically different way. Overall, our research fosters industry-scale solution to combat ad inventory fraud and fosters future research on feasibility of multi-stakeholder vulnerability notifications in other supply chain ecosystems. Subjects: Cryptography and Security (cs.CR); Computers and Society (cs.CY); Multiagent Systems (cs.MA); Networking and Internet Architecture (cs.NI); Social and Information Networks (cs.SI) ACM classes: K.4.1; K.4.3; K.4.4; D.2.0; D.2.4; G.3; H.3.7; K.1; K.6.1; K.6.5 Cite as: arXiv:2406.06958 [cs.CR]   (or arXiv:2406.06958v2 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2406.06958 Focus to learn more Submission history From: Yash Vekaria [view email] [v1] Tue, 11 Jun 2024 05:31:29 UTC (516 KB) [v2] Thu, 2 Apr 2026 23:38:37 UTC (500 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2024-06 Change to browse by: cs cs.CY cs.MA cs.NI cs.SI References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)