Competition and patching of security vulnerabilities: An empirical analysis

Arora, Ashish; Forman, Chris; Nandkumar, Anand; Telang, Rahul

doi:10.1016/j.infoecopol.2009.10.002

Cited by 35 publications

(34 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [19], authors show that on average a vendor loses 0.6% of the stock price with the disclosure of a vulnerability. In [8], authors show that a vendor with more competitors patches the vulnerabilities more quickly. In [7], they show that the vulnerability disclosure accelerates the patch release.…”

Section: B Studies On Disclosure and Patchingmentioning

confidence: 99%

“…The goal of such work is to estimate the number of vulnerabilities in new software products. Another direction of work aims to study the changes in the patching behavior of vendors in response to vulnerability disclosures and the existence of competitors [7], [8]. These studies analyze only small vulnerability data sets and do not cover the behavior of individual vendors.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A large scale exploratory analysis of software vulnerability life cycles

Shahzad

Shafiq

Liu

2012

2012 34th International Conference on Software Engineering (ICSE)

138

View full text Add to dashboard Cite

Abstract-Software systems inherently contain vulnerabilities that have been exploited in the past resulting in significant revenue losses. The study of vulnerability life cycles can help in the development, deployment, and maintenance of software systems. It can also help in designing future security policies and conducting audits of past incidents. Furthermore, such an analysis can help customers to assess the security risks associated with software products of different vendors.In this paper, we conduct an exploratory measurement study of a large software vulnerability data set containing 46310 vulnerabilities disclosed since 1988 till 2011. We investigate vulnerabilities along following seven dimensions: (1) phases in the life cycle of vulnerabilities, (2) evolution of vulnerabilities over the years, (3) functionality of vulnerabilities, (4) access requirement for exploitation of vulnerabilities, (5) risk level of vulnerabilities, (6) software vendors, and (7) software products. Our exploratory analysis uncovers several statistically significant findings that have important implications for software development and deployment.

show abstract

Section: B Studies On Disclosure and Patchingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A large scale exploratory analysis of software vulnerability life cycles

Shahzad

Shafiq

Liu

2012

2012 34th International Conference on Software Engineering (ICSE)

138

View full text Add to dashboard Cite

show abstract

“…This study shows, and this is in particular emphasized in work concerning maintenance in security and safety sensitive environments [38], that maintenance behavior in purchasing organizations is not universal, but can be unified into a maintenance lifecycle model that takes different contexts into account. It presents a comprehensive review of the reasons for maintenance deferral and implementation within the area of vendor software from the purchaser's perspective.…”

Section: Discussionmentioning

confidence: 88%

“…Should a trigger event occur and be ignored, possible consequences include economic damage to the company [38], higher expenditure and forced outages at a later time [30], or even demise of the purchasing organization itself [5].…”

Section: Deferral Has Consequencesmentioning

confidence: 99%

See 1 more Smart Citation

A Conceptual Investigation of Maintenance Deferral and Implementation: Foundation for a Maintenance Lifecycle Model

Savage

Kautz

Clarke

2017

Complexity in Information Systems Development

View full text Add to dashboard Cite

Despite the fact that society and organizations rely heavily on Information Systems (IS) and software, the maintenance of vendor-supplied IS, in particular standard package software has gained little attention within the academic literature. This paper presents a conceptual study of the current state of research concerning the reasons for deferral and performance of vendor-supplied maintenance by the purchasing organization. These reasons have so far neither been investigated together nor from that perspective. Based on a systematic literature review and taking the purchaser's viewpoint, reasons for maintenance deferral and performance are identified from the literature. They build the groundwork and foundation for a Maintenance Lifecycle and Process Model that provides a starting point to research vendor-supplied maintenance from the customer's point of view. Disciplines Business AbstractDespite the fact that society and organizations rely heavily on Information Systems (IS) and software, the maintenance of vendor-supplied IS, in particular standard package software has gained little attention within the academic literature. This paper presents a conceptual study of the current state of research concerning the reasons for deferral and performance of vendorsupplied maintenance by the purchasing organization. These reasons have so far neither been investigated together nor from that perspective. Based on a systematic literature review and taking the purchaser's viewpoint, reasons for maintenance deferral and performance are identified from the literature. They build the groundwork and foundation for a Maintenance Lifecycle and Process Model that provides a starting point to research vendor-supplied maintenance from the customer's point of view.

show abstract

Economic Impact of Software Patching and Optimal Release Scheduling

Anand

Agarwal

Tamura

et al. 2016

Quality & Reliability Eng

View full text Add to dashboard Cite

Because of highly distributed nature of software products, the task of improving software reliability is becoming a complex job. Specialized tools and techniques are being used to isolate the risky software modules. In order to retain in market, firms are required not only to provide the software on time but also to endow with continuous processing. Product updating is the process that comes to safeguard the firm's image at this point of time. And one such attribute of updating is providing software patches. Today, almost all software firms are providing either patching, module exchange or service pack application processes consequent to a release. This paper proposes a scheduling policy for a software product and shows the importance of patching in lowering the system outages and making the system more cost effective. Validation on the proposed policy has been done using real life software failure data set of Tandem Computers. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

Competition and patching of security vulnerabilities: An empirical analysis

Cited by 35 publications

References 33 publications

A large scale exploratory analysis of software vulnerability life cycles

A large scale exploratory analysis of software vulnerability life cycles

A Conceptual Investigation of Maintenance Deferral and Implementation: Foundation for a Maintenance Lifecycle Model

Economic Impact of Software Patching and Optimal Release Scheduling

Contact Info

Product

Resources

About