Selected Publications

For a list of all my publications, click here, or visit my Google Scholar profile.

In the computer science field coordinated vulnerability disclosure is a well-known practice for finding flaws in IT-systems and patching them. In this practice, a white-hat hacker who finds a vulnerability in an IT-system reports that vulnerability to the system’s owner. The owner will then resolve the problem, after which the vulnerability will be disclosed publicly. This practice generally does not focus on potential offenders or black-hat hackers who would likely exploit the vulnerability instead of reporting it. In this paper, we take an interdisciplinary approach and review the current coordinated vulnerability disclosure practice from both a computer science and criminological perspective. We discuss current issues in this practice that could influence the decision to use coordinated vulnerability disclosure versus exploiting a vulnerability. Based on different motives, a rational choice or cost–benefit analyses of the possible reactions after finding a vulnerability will be discussed. Subsequently, implications for practice and future research suggestions are included.
Crime Science, An Interdisciplinary Journal, 2018, 7:16, 2018

Many networking research activities are dependent on the availability of network captures. Even outside academic research, there is a need for sharing network captures to cooperate on threat assessments or for debugging. However, most network captures cannot be shared due to privacy concerns. Anonymisation of network captures has been a subject of research for quite some time, and many different techniques exist. In this article, we present an overview of the currently available techniques and implementations for network capture anonymisation. There have been many advances in the understanding of anonymisation and cryptographic methods, which have changed the perspective on the effectiveness of many anonymisation techniques. However, these advances, combined with the increase of computational abilities, may have also made it feasible to perform anonymisation in real time. This may make it easier to collect and distribute network captures both for research and for other applications. This article surveys the literature over the period of 1998–2017 on network traffic anonymisation techniques and implementations. The aim is to provide an overview of the current state of the art and to highlight how advances in related fields have shed new light on anonymisation and pseudonimisation methodologies. The few currently maintained implementations are also reviewed. Last, we identify future research directions to enable easier sharing of network traffic, which in turn can enable new insights in network traffic analysis.
ACM CSUR, 51, 3, 52, 2018

This paper examines the impact of this development for Internet measurements and analyses previous cases where Internet measurements have touched upon ethical issues. The paper proposes an early framework to help researchers identify stakeholders and how a network study may impact them. In addition to this, the paper provides advice on creating measurement practices that incorporate ethics by design, and also considers the role of third-party data suppliers in ethical measurement practices.
Journal of Cyber Security and Mobility, Volume 5, Issue 4, 2017

Recent Publications

More Publications

(2018). Don’t shoot the messenger! A criminological and computer science perspective on coordinated vulnerability disclosure. Crime Science, An Interdisciplinary Journal, 2018, 7:16.


(2018). A Survey of Network Traffic Anonymisation Techniques and Implementations. ACM CSUR, 51, 3, 52.


(2017). Ethics and Internet Measurements. Journal of Cyber Security and Mobility, Volume 5, Issue 4.


(2017). Model-Driven Software Engineering in Practice- Privacy-Enhanced Filtering of Network Traffic. 2017 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2017).


(2017). Ethics and Internet Measurements. 2nd Workshop of Traffic Measurement in Cybersecurity (WTMC).


(2015). Embedding Ethics in System Administration Education. The USENIX Journal of Education in System Administration, Volume 1, Number 1.


(2015). Ethical considerations of using information obtained from online file sharing sites – the case of the Piratebay. Journal of Information, Communication and Ethics in Society, special issue 20 years of ETHICOMP.


(2015). Technology-aware multi-domain multi-layer routing. Computer communications, 62, 85-96.

(2014). Baywatch- Two approaches to measure the effects of blocking access to The Pirate Bay. Telecommunications Policy.


Recent & Upcoming Talks

Cybersecurity & Hackers
6 Dec 2018 14:46
Ethics at OS3
26 Sep 2018 14:45
Vulnerability Disclosure & Ethical Dilemmas
28 May 2018 14:41
ZCERT Symposium CVD
25 Jan 2018 14:37
Gastcollege Vulnerability Disclosure
6 Dec 2017 14:00
Ethics in Computing
4 Oct 2017 12:10
Ethics in Computing
6 Aug 2017 20:20


Academic Positions

Besides my current position (since 2014) as security researcher at the National Cyber Security Centre, I have (held) the following academic positions (in reverse chronological order)

Programme Committees

  • Workshop Traffic Measurement for Cybersecurity (WTMC) 2019
  • FIRST Conference 2019
  • Workshop Traffic Measurement for Cybersecurity (WTMC) 2018
  • FIRST Conference 2018
  • Workshop Traffic Measurement for Cybersecurity (WTMC) 2017
  • Netcloud2013
  • NetCloud2012

Other Activities

  • 2018 - present: Associate Editor of ACM Journal: Digital Threats: Research and Practice (ACM DTRAP)
  • 2018 - present: Member of Ethics Committee at Electrical Engineering, Mathematics and Computer Science, UTwente
  • 2016 - present: Chair of Ethics Working-group at ICT-Research Platform Netherlands
  • 2014 - present: Member of Ethics Committee at Science Department, UvA
  • 2014 - 2017: Ethics Advisor at Systems and Network Engineering Master, UvA