ARE MARKETS FOR VULNERABILITIES EFFECTIVE?

Document type:
Article
Authors:
Ransbotham, Sam; Mitra, Sabyasachi; Ramsey, Jon
Affiliations:
Boston College; University System of Georgia; Georgia Institute of Technology
Journal:
MIS QUARTERLY
ISSN/ISBN:
0276-7783
Publication date:
2012
Pages:
43-64
Keywords:
software vulnerabilities Information Security regression-models product diffusion announcements PUNISHMENT management IMPACT crime patch
Abstract:
Current reward structures in security vulnerability disclosure may be skewed toward benefiting nefarious usage of vulnerability information rather than responsible disclosure. Recently suggested market-based mechanisms offer incentives to responsible security researchers for discovering and reporting vulnerabilities. However, concerns exist that any benefits gained through increased incentives for responsible discovery may be lost through information leakage. Using perspectives drawn from the diffusion of innovations literature, we examine the effectiveness of market-based vulnerability disclosure mechanisms. Empirical examination of two years of security alert data finds that market-based disclosure restricts the diffusion of vulnerability exploitations, reduces the risk of exploitation, and decreases the volume of exploitation attempts.