Impact of Software Vulnerability Announcements on the Market Value of Software Vendors - An Empirical Investigation

Telang, Rahul; Wattal, Sunil

doi:10.2139/ssrn.677427

Cited by 34 publications

(16 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Arora et al (2008) use a dataset assembled from CERT/CC's vulnerability notes and SecurityFocus database to show that early disclosure leads to faster patch release times. Telang and Wattal (2007) use an event study methodology to show that vulnerability disclosure leads to a loss of market value. Li and Rao (2007) empirically examined the role of private intermediaries on the timing of patch release by vendors and found that the presence of private intermediaries decreases vendors' incentive to deliver timely patches.…”

Section: Related Literature and Contributionmentioning

confidence: 99%

Competition and patching of security vulnerabilities: An empirical analysis

Arora

Forman

Nandkumar

et al. 2010

Information Economics and Policy

Self Cite

View full text Add to dashboard Cite

a b s t r a c tWe empirically estimate the effect of competition on vendor patching of software defects by exploiting variation in number of vendors that share a common flaw or common vulnerabilities. We distinguish between two effects: the direct competition effect when vendors in the same market share a vulnerability, and the indirect effect, which operates through non-rivals that operate in different markets but nonetheless share the same vulnerability. Using time to patch as our measure of quality, we find empirical support for both direct and indirect effects of competition. Our results show that ex-post product quality in software markets is not only conditioned by rivals that operate in the same product market, but by also non-rivals that share the same common flaw.

show abstract

Section: Related Literature and Contributionmentioning

confidence: 99%

Competition and patching of security vulnerabilities: An empirical analysis

Arora

Forman

Nandkumar

et al. 2010

Information Economics and Policy

Self Cite

View full text Add to dashboard Cite

show abstract

“…We contribute to a wide literature on financial market reactions to IT failure (Bharadwaj et al, 2009;Cavusoglu, Mishra, & Raghunathan, 2004;Gordon et al, 2010;Telang & Wattal, 2005). We bring an important innovation to this literature: an actionable solution that managers can pursue.…”

Section: Resultsmentioning

confidence: 99%

The Use of Impression Management Strategies to Manage Stock Market Reactions to IT Failures

Triche¹,

Walden²

2018

JAIS

View full text Add to dashboard Cite

In this work we show how organizational impression management strategies can influence stock market reactions to information technology (IT) failures. We combine the resource-based view of the firm with organizational impression management strategies to analyze what strategies work with different types and causes of IT failures. We perform an event study on a sample of 214 IT failures over eight years and find that a firm's choice of organizational impression management strategy has a significant effect on a firm's market value. On average, over $212 million in market value can be saved with the correct impression management strategy. For implementation failures, we find that assertive strategies are better than defensive strategies. Conversely, we find that for operational failures, defensive strategies are superior. Furthermore, we examine failures caused by human error and discuss the impacts. This research provides new theoretical insights to the resource-based view of the firm.

show abstract

“…damage to an organization [3]. Whereas a software bug can cause a software artifact to fail, a security bug can allow a malicious user to alter the execution of the entire application for his or her own gain.…”

Section: Introductionmentioning

confidence: 99%

Securing Legacy Code with the TRACER Platform

Stroggylos

Mitropoulos

Tzermias

et al. 2014

Proceedings of the 18th Panhellenic Conference on Informatics

View full text Add to dashboard Cite

Software vulnerabilities can severely affect an organization's infrastructure and cause significant financial damage to it. A number of tools and techniques are available for performing vulnerability detection in software written in various programming platforms, in a pursuit to mitigate such defects. However, since the requirements for running such tools and the formats in which they store and present their results vary wildly, it is difficult to utilize many of them in the scope of a project. By simplifying the process of running a variety of vulnerability detectors and collecting their results in an efficient, automated manner during development, the task of tracking security defects throughout the evolution history of software projects is bolstered. In this paper we present tracer, a software framework and platform to support the development of more secure applications by constantly monitoring software projects for vulnerabilities. The platform allows the easy integration of existing tools that statically detect software vulnerabilities and promotes their use during software development and maintenance. To demonstrate the efficiency and usability of the platform, we integrated two popular static analysis tools, FindBugs and Frama-c as sample implementations, and report on preliminary results from their use.

show abstract

Impact of Software Vulnerability Announcements on the Market Value of Software Vendors - An Empirical Investigation

Cited by 34 publications

References 33 publications

Competition and patching of security vulnerabilities: An empirical analysis

Competition and patching of security vulnerabilities: An empirical analysis

The Use of Impression Management Strategies to Manage Stock Market Reactions to IT Failures

Securing Legacy Code with the TRACER Platform

Contact Info

Product

Resources

About