An examination of private intermediaries' roles in software vulnerabilities disclosure

Information Systems Frontiers

Volumn 9, Issue 5, 2007, Pages 531-539

  Li, Pu ^a   Rao, H Raghav ^a  

^a UNIVERSITY AT BUFFALO   (United States)

Author keywords

Disclosure; Private intermediary; Software vulnerability

Indexed keywords

PROBABILITY; PUBLIC POLICY; SECURITY OF DATA;

INFORMATION LEAKAGES; PRIVATE INTERMEDIARIES; SOFTWARE VULNERABILITIES; VULNERABILITY OBSERVATIONS;

COMPUTER SOFTWARE;

EID: 35548965096     PISSN: 13873326     EISSN: None     Source Type: Journal    
DOI: 10.1007/s10796-007-9047-2     Document Type: Article

References (20)

1. Anderson, R., & Moore, T. (2006). The economics of information security: A survey and open questions. Science, 314(5799), 610-613.
2. Arbaugh, W. A., Fithen, W. L., & McHugh, J. (2000). Windows of vulnerability: A case study analysis. IEEE Computer, 33, 52-59.
3. Arora, A., Caulkins, J. P., & Telang, R. (2003). Provision of software quality in the presence of patching technology. Carnegie Mellon University, Working Paper, February.
4. Arora, A., Krishnan, R., Nandkumar, A., Telang, R., & Yang, Y. (2004a). Impact of vulnerability disclosure and patch availability-An empirical analysis. Workshop on Economics and Information Security, May 2004, Minneapolis, MN, USA.
5. Arora, A., Krishnan, R., Telang, R., & Yang, Y. (2005). An empirical analysis of vendor response to disclosure policy. The Fourth Workshop on the Economics of Information Security.
6. Arora, A., Telang, R., & Hao, X. (2004b). Optimal policy for software vulnerability disclosure. Carnegie Mellon Working Paper.
7. Campbell, K., Gordon, L., Loeb, M. P., & Zhou, L. (2003). The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Computer Security, 11(3), 431-448.
8. Cavusoglu, H., Cavusoglu, H., & Raghunathan, S. (2004a). Analysis of software vulnerability disclosure policies. CORS/INFORMS Joint International Meeting, Banff, Alberta, Canada.
9. Cavusoglu, H., Cavusoglu, H., & Raghunathan, S. (2005). Emerging issues in responsible vulnerability disclosure. The Fourth Workshop on the Economics of Information Security.
10. Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004b). The effect of internet security breach announcements on market value: Capital market reactions for breached firms and Internet security developers. International Journal of Electronic Commerce, 9(1), 69.
11. Choi, J. P., Fershtman, C., & Gandal, N. (2005). Internet security, vulnerability disclosure, and software provision. The Fourth Workshop on the Economics of Information Security.
12. Gordon, L. A., & Loeb, M. P. (2002). The economics of information security investment. ACM Transactions on Information and System Security, 5, 438-457.
13. IDefense (2005). Service overview. http://www.idefense.com.
14. Kannan, K., & Telang, R. (2005). Market for software vulnerabilities? Think again. Management Science, 51(5), 726.
15. Nizovtsev, D., & Thursby, M. (2005). Economic analysis of incentive to disclose software vulnerabilities. The Forth Workshop on the Economics of Information Security.
16. Ozment, A. (2004). Bug auctions: Vulnerability markets reconsidered. http://www.dtc.umn.edu/weis2004/ozment.pdf.
17. Schechter, S. (2004). Computer security, strength and risk: A quantitative approach. http://www.eecs.harvard.edu/~stuart/papers/thesis.pdf.
18. Schechter, S., & Smith, M. D. (2003). How much security is enough to stop a thief? The Seventh International Financial Cryptography Conference, Gosier, Guadeloupe, January.
19. Symantec (2003). Symantec Internet security threat report. http://www.symantec.com.
20. Telang, R., & Wattal, S. (2005). Impact of software vulnerability announcements on the market value of software vendors-an empirical investigation. The Fourth Workshop on the Economics of Information Security.