 An examination of private intermediaries’ roles in software vulnerabilities disclosurePu Li () and
H. Raghav Rao ()
Information Systems Frontiers, 2007, vol. 9, issue 5, No 8, 539 pages Abstract: Abstract Software vulnerability disclosure has generated much interest and debate. Recently some private intermediaries have entered this market. This paper examines the effects of such private intermediaries on optimal timing of disclosure policy made by public intermediaries and vendors’ reactions. Our analysis of private intermediaries’ role suggests that public intermediary’s optimal disclosure time does not change with private intermediary’s participation. However, a vendor’s patch time increases when the probability of information leakage is low, if not non-existent. In other words, private intermediaries’ service decreases a vendor’s willingness to deliver quick patches. Empirical evidence with 1493 vulnerability observations from CERT/CC and other 326 different vulnerability observations from iDefense provided support for our analytical results. Keywords: Software vulnerability; Disclosure; Private intermediary (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:spr:infosf:v:9:y:2007:i:5:d:10.1007_s10796-007-9047-2 Ordering information: This journal article can be ordered from DOI: 10.1007/s10796-007-9047-2 Access Statistics for this article Information Systems Frontiers is currently edited by Ram Ramesh and Raghav Rao More articles in Information Systems Frontiers from Springer |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.