Information Disclosure and the Diffusion of Information Security Attacks

Published Online: https://doi.org/10.1287/isre.2015.0587
