An Empirical Analysis of Software Vendors' Patch Release Behavior: Impact of Vulnerability Disclosure

References

• Anderson R., Moore T. The economics of information security. Science (2006) 27(314):610–613Crossref, Google Scholar
• Arbaugh W. A., Fithen W. L., McHugh J. Windows of vulnerability: A case study analysis. IEEE Comput. (2000) 33(12):52–59Crossref, Google Scholar
• Arora A., Caulkins J. P., Telang R. Sell first, fix later: Impact of patching on software quality. Management Sci. (2006a) 52(3):465–471Link, Google Scholar
• Arora A., Nandkumar A., Telang R. Impact of patches and software vulnerability information on frequency of security attacks—An empirical analysis. Inform. Systems Frontier (2006b) 8(5):350–362Crossref, Google Scholar
• Arora A., Telang R., Xu H. Optimal policy for vulnerability disclosure. Management Sci. (2008) 54(4):642–656Link, Google Scholar
• August T., Tunca T. Network software security and user incentives. Management Sci. (2006) 52(11):1703–1720Link, Google Scholar
• Banker R., Davis G., Slaughter S. Software development practices, software complexities, and software maintenance. Management Sci. (1998) 44(4):433–450Link, Google Scholar
• Belzil C. Unemployment insurance and unemployment over time: An analysis with event history data. Rev. Econom. Statist. (1995) 77(1):113–126Crossref, Google Scholar
• Camp L., Wolfram C. Pricing security. Proc. CERT Inform. Survivability Workshop (2000) Boston:31–39Google Scholar
• Cavusoglu H., Cavusoglu H., Raghunathan S. How should we disclose software vulnerabilities? Proc. 14th Annual Workshop Inform. Tech. Systems (2004) Washington, D.C.Google Scholar
• Choi J. P., Fershtman C., Gandal N. Internet security, vulnerability disclosure, and software provision. Proc. 4th Workshop Econom. Inform. Systems (2005) BostonGoogle Scholar
• Cox D. R. Partial likelihood. Biometrika (1975) 62(2, May/August):269–276Crossref, Google Scholar
• Green W.Econometric Analysis (1992) (Macmillan Publishing Company, New York) Google Scholar
• Information Week Cisco details IOS vulnerability spilled at Black Hat. (2005) July 29). http://www.informationweek.com/story/showArticle.jhtml?articleID=166403842Google Scholar
• Kalbfleisch J. D., Prentice R. L.The Statistical Analysis of Failure Time Data (2002) 2nd ed.(John Wiley & Sons, New York) Crossref, Google Scholar
• Kannan K., Telang R. Market for software vulnerabilities? Think again. Management Sci. (2005) 51(5):726–740Link, Google Scholar
• Kaplan E. L., Meier P. Nonparametric estimation from incomplete observations. J. Amer. Statist. Assoc. (1958) 53:457–548Crossref, Google Scholar
• Krishnan M. S., Kriebel C., Kekre S., Mukhopadhyay T. An empirical analysis of cost and conformance quality in software products. Management Sci. (2000) 46:745–759Link, Google Scholar
• National Vulnerability Database (NVD) http://www.nvd.nist.gov/Google Scholar
• Nizovtsev D., Thursby M. To disclose or not? An analysis of software user behavior. Inform. Econom. Policy (2007) 19(1):43–64Crossref, Google Scholar
• Ozment A. Bug auctions: Vulnerability markets reconsidered. 3rd Workshop Econom. Inform. Security (2004) . MinneapolisGoogle Scholar
• Png I., Tang C., Wang Q.-H. Information security: User precaution and hacker targeting. (2006) . http://ssrn.com/abstract=912161Google Scholar
• Symantec Inc. Symantec Internet Security Threat Report. . Accessed June 24, 2003, http://www.symantec.comGoogle Scholar
• Telang R., Wattal S. Impact of vulnerability disclosure on market value of software vendors: An empirical analysis. IEEE Trans. Software Engrg. (2007) 33(8):544–557Crossref, Google Scholar
• Vaupel J. W., Manton K. G., Stallard E. The impact of heterogeneity in individual frailty on the dynamics of mortality. Demography (1979) 16:439–454Crossref, Google Scholar
• Wheeler D. Why open source software/free software (OSS/FS)? (2002) . Look at the numbers! Accessed June 19, 2007, https://wideopennews.com/archives/open-source-now-list/2002-May/pdf00000.pdfGoogle Scholar