Do Security Vulnerability Announcements Impact Software Vendors - An Event Study Analysis

Authors

  • Rahul Telang
  • Sunil Wattal
Abstract

In this paper, we use the event study methodology to examine the role that financial markets play in determining the impact of vulnerability disclosures on software vendors. We collect data from leading national newspapers and industry sources by searching for reports on published software vulnerabilities. Our main result is that vulnerability disclosures do lead to a negative and significant change in market value for a software vendor. On average, a vendor loses around 0.6% value in stock price when a vulnerability is reported. To provide further insight, we use the information content of the disclosure announcement to classify vulnerabilities into various types. This is the first study to measure vendors’ incentive to develop secure software and also provides many interesting implications for software vendors as well as policy makers.


Similar resources

Impact of Software Vulnerability Announcements on the Market Value of Software Vendors - an Empirical Investigation

Researchers in the area of information security have mainly been concerned with tools, techniques and policies that firms can use to protect themselves against security breaches. However, information security is as much about security software as it is about secure software. Software is not secure when it has defects or flaws which can be exploited by hackers to cause attacks such as unauthoriz...


An Empirical Analysis of Vendor Response to Disclosure Policy

Software vulnerability disclosure has generated intense interest and debate. In particular, there have been arguments made both in opposition to and in favor of alternatives such as full and instant disclosure and limited or no disclosure. An important consideration in this debate is the behavior of the software vendor. Does vulnerability disclosure policy have an effect on patch release behavi...


Effect of Vulnerability Disclosures on Market Value of Software Vendors – An Event Study Analysis

1. Introduction & Literature Review The objective of this paper is to estimate the losses that software vendors bear when a vulnerability is disclosed in their product. Software vulnerabilities are increasingly grabbing media attention because incidents like SQL Slammer, Code Red and Nimda virus, which cost firms millions of dollars in downtime and damages, were caused as a result of hackers expl...


A Reputation-Based Mechanism for Software Vulnerability Disclosure

Whether and how to disclose software vulnerability information has been debated intensely. An optimal disclosure policy should balance the tradeoff between its impact on software vendors' incentives and the potential risks imposed on customers. Previous research on software vulnerability primarily focused on the timing aspect of the disclosure policy. In this paper, we investigate another dimen...


An Empirical Analysis of Software Vendors' Patching Behavior: Impact of Vulnerability Disclosure

One key aspect of better and more secure software is timely and reliable patching of vulnerabilities by software vendors. Recently, software vulnerability disclosure, which refers to the publication of vulnerability information before a patch to fix the vulnerability has been issued by the software vendor, has generated intense interest and debate. In particular, there have been arguments made ...


Publication date: 2005