Online advertising relies on a complex and opaque supply chain that involves multiple stakeholders, including advertisers, publishers, and ad-networks, each with distinct and sometimes conflicting incentives. Recent research has demonstrated the existence of ad-tech supply chain vulnerabilities such as dark pooling, where low-quality publishers bundle their ad inventory with higher-quality ones to mislead advertisers. We investigate the effectiveness of vulnerability notification campaigns aimed at mitigating dark pooling. Prior research on vulnerability notifications have primarily explored single-stakeholder contexts, leaving multi-stakeholder scenarios understudied. There is limited attention to complex multi-stakeholder supply chain ecosystems such as ad-tech supply chain, where resolving vulnerabilities often requires coordinated action across entities with misaligned incentives and interdependent roles. We address this gap by implementing the first online advertising supply chain vulnerability notification pipeline to systematically evaluate the responsiveness of various stakeholders in ad-tech supply chain, including publishers, ad-networks, and advertisers to vulnerability notifications by academics and activists. Our nine-month long automated multi-stakeholder notification study shows that notifications are an effective method for reducing dark pooling vulnerabilities in the online advertising ecosystem, especially when targeted towards ad-networks. Further, the sender reputation does not impact responses to notifications from activists and academics in a statistically different way. Overall, our research fosters industry-scale solution to combat ad inventory fraud and fosters future research on feasibility of multi-stakeholder vulnerability notifications in other supply chain ecosystems.

翻译：在线广告依赖于一个复杂且不透明的供应链，该供应链涉及多个利益相关方，包括广告主、发布商和广告网络，各方拥有不同且有时相互冲突的激励。近期研究表明，广告技术供应链中存在漏洞，例如“暗池聚合”，即低质量发布商将其广告库存与高质量发布商的库存捆绑，以误导广告主。我们研究了旨在缓解暗池聚合的漏洞通报活动的有效性。先前关于漏洞通报的研究主要探讨单一利益相关方情境，而对多利益相关方场景的关注不足。对于广告技术供应链等复杂的多利益相关方供应链生态系统，其漏洞的解决通常需要协调激励不一致且角色相互依存的多个实体采取行动，但相关研究十分有限。我们通过实现首个在线广告供应链漏洞通报流程来填补这一空白，系统评估广告技术供应链中各类利益相关方（包括发布商、广告网络和广告主）对学术界和活动人士发送的漏洞通报的响应情况。我们长达九个月的自动化多利益相关方通报研究表明，通报是减少在线广告生态系统中暗池聚合漏洞的有效方法，尤其是在针对广告网络时。此外，发送方声誉对活动人士和学者通报的响应在统计上并无显著差异。总体而言，我们的研究促进了打击广告库存欺诈的行业级解决方案，并为未来在其他供应链生态系统中开展多利益相关方漏洞通报的可行性研究奠定了基础。