Impact of Vulnerability Disclosure and Patch Availability - An Empirical Analysis

Arora, A and Krishnan, R and Nandkumar, A and Telang, R and Yang, Y and Heinz, H J (2004) Impact of Vulnerability Disclosure and Patch Availability - An Empirical Analysis. Working Paper. WEIS.

Full text not available from this repository.


Vulnerability disclosure is an area of public policy that has been subject to considerable debate, particularly between proponents of full and instant disclosure, and those of limited or no disclosure. This paper is an attempt to empirically test the impact of vulnerability information disclosure and availability of patches on attackers’ tendency to exploit vulnerabilities on one hand and on the vendors’ tendency to release patches on the other. Our results suggest that while vendors are quick to respond to instant disclosure, vulnerability disclosure also increases the frequency of attacks. However, the frequency of attacks decreases over time. We also find that open source vendors patch more quickly than closed source vendors and that large vendors are more responsive.

Affiliation: Indian School of Business
ISB Creators: Nandkumar, A
Item Type: Monograph (Working Paper)
Uncontrolled Keywords: Software Vulnerability, Full disclosure policy, attackers, patching behavior
Subjects: Business Strategy
Depositing User: Gurusrinivasan K
Date Deposited: 07 Nov 2021 12:45
Last Modified: 07 Nov 2021 12:45