Economics of Software Vulnerability Disclosure
January-February 2005 (vol. 3 no. 1)
pp. 20-25
Ashish Arora, Carnegie Mellon University
Rahul Telang, Carnegie Mellon University
Information security breaches frequently exploit software flaws or vulnerabilities, causing significant economic losses. Considerable debate and disagreement exist about how to disclose vulnerabilities to the public. A theoretical framework helps identify the key data elements needed to develop a sensible way of handling vulnerability disclosure. The authors analyzed two data sets (vendor response to disclosure and attack data from honeypots), which are useful for understanding how attackers respond to disclosure.
Index Terms:
software vulnerability, disclosure policy, economic analysis, patching
Citation:
Ashish Arora, Rahul Telang, "Economics of Software Vulnerability Disclosure," IEEE Security & Privacy, vol. 3, no. 1, pp. 20-25, Jan.-Feb. 2005, doi:10.1109/MSP.2005.12