DIFFERENTIAL EFFECTS OF PRIOR EXPERIENCE ON THE MALWARE RESOLUTION PROCESS
成果类型:
Article
署名作者:
Kim, Seung Hyun; Kim, Byung Cho
署名单位:
Yonsei University; National University of Singapore; Korea University
刊物名称:
MIS QUARTERLY
ISSN/ISSBN:
0276-7783
DOI:
10.25300/MISQ/2014/38.3.02
发表日期:
2014
页码:
655-678
关键词:
software security
patch release
empirical-analysis
ECONOMIC-ANALYSIS
vulnerabilities
IMPACT
systems
MARKET
announcements
exploration
摘要:
Despite growing interest in the economic and policy aspects of information security, little academic research has used field data to examine the development process of a security countermeasure provider. In this paper, we empirically examine the learning process a security software developer undergoes in resolving a malware problem. Using the data collected from a leading antivirus software company in Asia, we study the differential effects of experience on the malware resolution process. Our findings reveal that general knowledge from cross-family experience has greater impact than specific knowledge from within-family experience on performance in the malware resolution process. We also examine the factors that drive the differential effects of prior experience. Interestingly, our data show that cross-family experience is more effective than within-family experience in malware resolution when malware targets the general public than when a specific victim is targeted. Similar results-for example, the higher (lower) effect of cross-family (within-family) experience-were observed in the presence of information sharing among software vendors or during a disruption caused by a catastrophe. Our study contributes to a better understanding of the specific expertise required for security countermeasure providers to be able to respond under varying conditions to fast-evolving malware.
来源URL: