Competition and patching of security vulnerabilities: An empirical analysis

Cited by: 27
Authors
Arora, Ashish [3]
Forman, Chris [4]
Nandkumar, Anand [1]
Telang, Rahul [2]
Affiliations
[1] Indian Sch Business, Hyderabad 500032, Andhra Pradesh, India
[2] Carnegie Mellon Univ, H John Heinz Coll 3, Pittsburgh, PA 15213 USA
[3] Duke Univ, Fuqua Sch Business, Durham, NC 27708 USA
[4] Georgia Inst Technol, Coll Management, Atlanta, GA 30308 USA
Funding
National Science Foundation (USA); Andrew Mellon Foundation (USA);
Keywords
Information security; Competition; Software quality; Vulnerabilities; SOFTWARE VULNERABILITIES; MARKET-STRUCTURE; QUALITY; DURABILITY; IMPACT; TIME;
DOI
10.1016/j.infoecopol.2009.10.002
Chinese Library Classification number
F [Economics];
Discipline classification code
02;
Abstract
We empirically estimate the effect of competition on vendor patching of software defects by exploiting variation in number of vendors that share a common flaw or common vulnerabilities. We distinguish between two effects: the direct competition effect when vendors in the same market share a vulnerability, and the indirect effect, which operates through non-rivals that operate in different markets but nonetheless share the same vulnerability. Using time to patch as our measure of quality, we find empirical support for both direct and indirect effects of competition. Our results show that ex-post product quality in software markets is not only conditioned by rivals that operate in the same product market, but also by non-rivals that share the same common flaw. (C) 2009 Elsevier B.V. All rights reserved.
Pages: 164 - 177
Number of pages: 14
Related papers
50 in total
  • [41] PDGraph: A Large-Scale Empirical Study on Project Dependency of Security Vulnerabilities
    Li, Qiang
    Song, Jinke
    Tan, Dawei
    Wang, Haining
    Liu, Jiqiang
    51ST ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS (DSN 2021), 2021, : 161 - 173
  • [42] Security Vulnerabilities in Categories of Clones and Non-Cloned Code: An Empirical Study
    Islam, Md Rakibul
    Zibran, Minhaz F.
    Nagpal, Aayush
    11TH ACM/IEEE INTERNATIONAL SYMPOSIUM ON EMPIRICAL SOFTWARE ENGINEERING AND MEASUREMENT (ESEM 2017), 2017, : 20 - 29
  • [43] An analysis of security vulnerabilities in container images for scientific data analysis
    Kaur, Bhupinder
    Dugre, Mathieu
    Hanna, Aiman
    Glatard, Tristan
    GIGASCIENCE, 2021, 10 (06):
  • [44] Cryptography in the Wild: An Empirical Analysis of Vulnerabilities in Cryptographic Libraries
    Blessing, Jenny
    Specter, Michael A.
    Weitzner, Daniel J.
    PROCEEDINGS OF THE 19TH ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, ACM ASIACCS 2024, 2024, : 605 - 620
  • [45] Security vulnerabilities: From analysis to detection and masking techniques
    Chen, S
    Xu, J
    Kalbarczyk, Z
    Iyer, RK
    PROCEEDINGS OF THE IEEE, 2006, 94 (02) : 407 - 418
  • [46] An analysis of the Security Threats and Vulnerabilities of Cloud Computing in Oman
    AlZadjali, Amira M.
    Al-Badi, Ali H.
    Ali, Saqib
    2015 INTERNATIONAL CONFERENCE ON INTELLIGENT NETWORKING AND COLLABORATIVE SYSTEMS IEEE INCOS 2015, 2015, : 423 - 428
  • [47] Uncovering security vulnerabilities through multiplatform malware analysis
    Mohammadi, R.
    Hosseini, M. M.
    Bahrami, R.
    SECURITY AND PRIVACY, 2025, 8 (01):
  • [48] Analysis of Common Vulnerabilities and Exposures to Produce Security Trends
    Santiago, Norman
    Mendez, Janelli
    PROCEEDINGS OF THE 2022 INTERNATIONAL CONFERENCE ON CYBER SECURITY, CSW 2022, 2022, : 16 - 19
  • [49] Security analysis of vulnerabilities and threats for medical information systems
    Ju, Tea Kyung
    Hong, Chong Min
    Shin, Weon
    ICIC Express Letters, 2015, 9 (03) : 849 - 854
  • [50] A software security assessment system based on analysis of vulnerabilities
    Sui, Chenmeng
    Liu, Yanzhao
    Liu, Yun
    Journal of Convergence Information Technology, 2012, 7 (06) : 211 - 219