Impact of Vulnerability Disclosure and Patch Availability - An Empirical Analysis

Arora, A and Krishnan, R and Nandkumar, A and Telang, R and Yang, Y and Heinz, H J (2004) Impact of Vulnerability Disclosure and Patch Availability - An Empirical Analysis. Working Paper. WEIS.

Full text not available from this repository.

Abstract

Vulnerability disclosure is an area of public policy that has been subject to considerable debate, particularly between proponents of full and instant disclosure, and those of limited or no disclosure. This paper is an attempt to empirically test the impact of vulnerability information disclosure and availability of patches on attackers’ tendency to exploit vulnerabilities on one hand and on the vendors’ tendency to release patches on the other. Our results suggest that while vendors are quick to respond to instant disclosure, vulnerability disclosure also increases the frequency of attacks. However, the frequency of attacks decreases over time. We also find that open source vendors patch more quickly than closed source vendors and that large vendors are more responsive.

Item Type: Monograph (Working Paper)
Subjects: Business Strategy
Date Deposited: 07 Nov 2021 12:45
Last Modified: 07 Nov 2021 12:45
URI: https://eprints.exchange.isb.edu/id/eprint/1603
