Issue No. 01 - January-February (2005 vol. 3)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2005.12
Ashish Arora , Carnegie Mellon University
Rahul Telang , Carnegie Mellon University
Information security breaches frequently exploit software flaws or vulnerabilities, causing significant economic losses. Considerable debate and disagreement exist about how to disclose vulnerabilities to the public. A theoretical framework helps identify the key data elements needed to develop a sensible way of handling vulnerability disclosure. The authors analyzed two data sets?vendor response to disclosure and attack data from honeypots?which are useful for understanding how attackers respond to disclosure.
software vulnerability, disclosure policy, economic analysis, patching
A. Arora and R. Telang, "Economics of Software Vulnerability Disclosure," in IEEE Security & Privacy, vol. 3, no. , pp. 20-25, 2005.