Competition and patching of security vulnerabilities: An empirical analysis

Cited by: 27
Authors
Arora, Ashish [3]
Forman, Chris [4]
Nandkumar, Anand [1]
Telang, Rahul [2]
Affiliations
[1] Indian Sch Business, Hyderabad 500032, Andhra Pradesh, India
[2] Carnegie Mellon Univ, H John Heinz Coll 3, Pittsburgh, PA 15213 USA
[3] Duke Univ, Fuqua Sch Business, Durham, NC 27708 USA
[4] Georgia Inst Technol, Coll Management, Atlanta, GA 30308 USA
Funding
Andrew W. Mellon Foundation (USA); National Science Foundation (USA)
Keywords
Information security; Competition; Software quality; Vulnerabilities; SOFTWARE VULNERABILITIES; MARKET-STRUCTURE; QUALITY; DURABILITY; IMPACT; TIME;
DOI
10.1016/j.infoecopol.2009.10.002
Chinese Library Classification (CLC) number
F [Economics];
Discipline classification code
02;
Abstract
We empirically estimate the effect of competition on vendor patching of software defects by exploiting variation in the number of vendors that share a common flaw or common vulnerabilities. We distinguish between two effects: the direct competition effect when vendors in the same market share a vulnerability, and the indirect effect, which operates through non-rivals that operate in different markets but nonetheless share the same vulnerability. Using time to patch as our measure of quality, we find empirical support for both direct and indirect effects of competition. Our results show that ex-post product quality in software markets is not only conditioned by rivals that operate in the same product market, but also by non-rivals that share the same common flaw. (C) 2009 Elsevier B.V. All rights reserved.
Pages: 164 - 177
Number of pages: 14
Related papers
50 in total
  • [1] Patching zero-day vulnerabilities: an empirical analysis
    Roumani, Yaman
    JOURNAL OF CYBERSECURITY, 2021, 7 (01):
  • [2] Patching Assignment Optimization for Security Vulnerabilities
    Tong, Shao-Ming
    Huang, Chien-Cheng
    Lin, Feng-Yu
    Sun, Yeali
    INTERNATIONAL ARAB JOURNAL OF INFORMATION TECHNOLOGY, 2016, 13 (02) : 267 - 273
  • [3] Forecasting IT security vulnerabilities - An empirical analysis
    Yasasin, Emrah
    Prester, Julian
    Wagner, Gerit
    Schryen, Guido
    COMPUTERS & SECURITY, 2020, 88
  • [4] Empirical analysis of security vulnerabilities in Python packages
    Mahmoud Alfadel
    Diego Elias Costa
    Emad Shihab
    Empirical Software Engineering, 2023, 28
  • [5] Patching Security Vulnerabilities Using Stackelberg Security Games on Attack Graphs
    Wachter, Jasmin
    FRONTIERS OF ARTIFICIAL INTELLIGENCE, ETHICS, AND MULTIDISCIPLINARY APPLICATIONS, FAIEMA 2023, 2024, : 83 - 98
  • [6] Empirical analysis of security vulnerabilities in Python packages
    Alfadel, Mahmoud
    Costa, Diego Elias
    Shihab, Emad
    EMPIRICAL SOFTWARE ENGINEERING, 2023, 28 (03)
  • [7] Empirical Analysis of Security Vulnerabilities in Python Packages
    Alfadel, Mahmoud
    Costa, Diego Elias
    Shihab, Emad
    2021 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION AND REENGINEERING (SANER 2021), 2021, : 446 - 457
  • [8] Cyber security: Influence of patching vulnerabilities on the decision-making of hackers and analysts
    Maqbool, Zahid
    Pammi, V. S. Chandrasekhar
    Dutt, Varun
    2018 INTERNATIONAL CONFERENCE ON CYBER SITUATIONAL AWARENESS, DATA ANALYTICS AND ASSESSMENT (CYBER SA), 2018,
  • [9] Patching Vulnerabilities with Sanitization Synthesis
    Yu, Fang
    Alkhalaf, Muath
    Bultan, Tevfik
    2011 33RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), 2011, : 251 - 260
  • [10] Analysis of Security Vulnerabilities and Countermeasures
    Son, Hyun-Min
    Joo, Nak-Keun
    Choi, Hyun-Taek
    Lee, Hyun-Cheol
    INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2019, 19 (02) : 200 - 206