Current reward structures in security vulnerability disclosure may be skewed toward benefitting nefarious usage of vulnerability information rather than responsible disclosure. Recently suggested market-based mechanisms offer incentives to responsible security researchers for discovering and reporting vulnerabilities. However, concerns exist that any benefits gained through increased incentives for responsible discovery may be lost through information leakage. Using perspectives drawn from the diffusion of innovations literature, we examine the effectiveness of market-based vulnerability disclosure mechanisms. Empirical examination of two years of security alert data finds that market-based disclosure restricts the diffusion of vulnerability exploitations, reduces the risk of exploitation, and decreases the volume of exploitation attempts.