Competition and patching of security vulnerabilities: An empirical analysis

被引:27
|
作者
Arora, Ashish [3 ]
Forman, Chris [4 ]
Nandkumar, Anand [1 ]
Telang, Rahul [2 ]
机构
[1] Indian Sch Business, Hyderabad 500032, Andhra Pradesh, India
[2] Carnegie Mellon Univ, H John Heinz Coll 3, Pittsburgh, PA 15213 USA
[3] Duke Univ, Fuqua Sch Business, Durham, NC 27708 USA
[4] Georgia Inst Technol, Coll Management, Atlanta, GA 30308 USA
来源
INFORMATION ECONOMICS AND POLICY | 2010年 / 22卷 / 02期
基金
美国国家科学基金会; 美国安德鲁·梅隆基金会;
关键词
Information security; Competition; Software quality; Vulnerabilities; SOFTWARE VULNERABILITIES; MARKET-STRUCTURE; QUALITY; DURABILITY; IMPACT; TIME;
D O I
10.1016/j.infoecopol.2009.10.002
中图分类号
F [经济];
学科分类号
02 ;
摘要
We empirically estimate the effect of competition on vendor patching of software defects by exploiting variation in number of vendors that share a common flaw or common vulnerabilities. We distinguish between two effects: the direct competition effect when vendors in the same market share a vulnerability, and the indirect effect, which operates through non-rivals that operate in different markets but nonetheless share the same vulnerability. Using time to patch as our measure of quality, we find empirical support for both direct and indirect effects of competition. Our results show that ex-post product quality in software markets is not only conditioned by rivals that operate in the same product market, but by also non-rivals that share the same common flaw. (C) 2009 Elsevier B.V. All rights reserved.
引用
收藏
页码:164 / 177
页数:14
相关论文
共 50 条
  • [31] Security Analysis of DeFi: Vulnerabilities, Attacks and Advances
    Li, Wenkai
    Bu, Jiuyang
    Li, Xiaoqi
    Chen, Xianyi
    2022 IEEE INTERNATIONAL CONFERENCE ON BLOCKCHAIN (BLOCKCHAIN 2022), 2022, : 488 - 493
  • [32] Hybrid Analysis Of Executables To Detect Security Vulnerabilities
    Kumar, Pranith D.
    Nema, Anchal
    Kumar, Rajeev
    ISEC 2009 - PROCEEDINGS OF THE 2ND INDIA SOFTWARE ENGINEERING CONFERENCE, 2009, : 141 - 142
  • [33] Analysis and Prevention of Security Vulnerabilities in a Smart City
    Lupton, Ben
    Zappe, Mackenzie
    Thom, Jay
    Sengupta, Shamik
    Feil-Seifer, Dave
    2022 IEEE 12TH ANNUAL COMPUTING AND COMMUNICATION WORKSHOP AND CONFERENCE (CCWC), 2022, : 702 - 708
  • [34] An analysis of mobile WiMAX security: Vulnerabilities and solutions
    Shon, Taeshik
    Choi, Wook
    NETWORK-BASED INFORMATION SYSTEMS, PROCEEDINGS, 2007, 4658 : 88 - +
  • [35] NFC Security Analysis and Vulnerabilities in Healthcare Applications
    Alzahrani, Ali
    Alqhtani, Abdullah
    Elmiligi, Haytham
    Gebali, Fayez
    Yasein, Mohamed S.
    2013 IEEE PACIFIC RIM CONFERENCE ON COMMUNICATIONS, COMPUTERS AND SIGNAL PROCESSING (PACRIM), 2013, : 302 - 305
  • [36] Analysis of Mobile WiMAX Security: Vulnerabilities and Solutions
    Han, Tao
    Zhang, Ning
    Liu, Kaiming
    Tang, Bihua
    Liu, Yuan'an
    2008 FIFTH IEEE INTERNATIONAL CONFERENCE ON MOBILE AD-HOC AND SENSOR SYSTEMS, VOLS 1 AND 2, 2008, : 828 - 833
  • [37] Analysis of Field Data on Web Security Vulnerabilities
    Fonseca, Jose
    Seixas, Nuno
    Vieira, Marco
    Madeira, Henrique
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2014, 11 (02) : 89 - 100
  • [38] Impact Metrics of Security Vulnerabilities: Analysis and Weighing
    Spanos, Georgios
    Angelis, Lefteris
    INFORMATION SECURITY JOURNAL, 2015, 24 (1-3): : 57 - 71
  • [39] The Impact of Competition Intensity on Software Security: An Empirical Analysis of Web Browser Patch Releases
    Jo, Arrah-Marie
    REVIEW OF NETWORK ECONOMICS, 2024,
  • [40] Patching Logic Vulnerabilities for Web Applications using LogicPatcher
    Monshizadeh, Maliheh
    Naldurg, Prasad
    Venkatakrishnan, V. N.
    CODASPY'16: PROCEEDINGS OF THE SIXTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY, 2016, : 73 - 84
12345