Competition and patching of security vulnerabilities: An empirical analysis

被引：27

作者：

Arora, Ashish ^{[3
]}

Forman, Chris ^{[4
]}

Nandkumar, Anand ^{[1
]}

Telang, Rahul ^{[2
]}

机构：

[1] Indian Sch Business, Hyderabad 500032, Andhra Pradesh, India

[2] Carnegie Mellon Univ, H John Heinz Coll 3, Pittsburgh, PA 15213 USA

[3] Duke Univ, Fuqua Sch Business, Durham, NC 27708 USA

[4] Georgia Inst Technol, Coll Management, Atlanta, GA 30308 USA

来源：

INFORMATION ECONOMICS AND POLICY | 2010年 / 22卷 / 02期

基金：

美国安德鲁·梅隆基金会; 美国国家科学基金会;

关键词：

Information security; Competition; Software quality; Vulnerabilities; SOFTWARE VULNERABILITIES; MARKET-STRUCTURE; QUALITY; DURABILITY; IMPACT; TIME;

D O I：

10.1016/j.infoecopol.2009.10.002

中图分类号：

F [经济];

学科分类号：

02 ;

摘要：

We empirically estimate the effect of competition on vendor patching of software defects by exploiting variation in number of vendors that share a common flaw or common vulnerabilities. We distinguish between two effects: the direct competition effect when vendors in the same market share a vulnerability, and the indirect effect, which operates through non-rivals that operate in different markets but nonetheless share the same vulnerability. Using time to patch as our measure of quality, we find empirical support for both direct and indirect effects of competition. Our results show that ex-post product quality in software markets is not only conditioned by rivals that operate in the same product market, but by also non-rivals that share the same common flaw. (C) 2009 Elsevier B.V. All rights reserved.

引用

页码：164 / 177

页数：14

共 44 条

[1] Software effort, quality, and cycle time: A study of CMM level 5 projects
Agrawal, Manish
Chari, Kaushal
[J]. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2007, 33 (03) : 145 - 156
[2] [Anonymous], 2001, Econometric Analysis of Cross Section and Panel Data
[3] Arbaugh WA, 2000, COMPUTER, V33, P52, DOI 10.1109/2.889093
[4] Research note - Sell first, fix later: Impact of patching on software quality
Arora, A
Caulkins, JP
Telang, R
[J]. MANAGEMENT SCIENCE, 2006, 52 (03) : 465 - 471
[5] ARORA A, INFORM SYST IN PRESS
[6] Optimal policy for software vulnerability disclosure
Arora, Ashish
Telang, Rahul
Xu, Hao
[J]. MANAGEMENT SCIENCE, 2008, 54 (04) : 642 - 656
[7] Does information security attack frequency increase with vulnerability disclosure? An empirical analysis
Arora, Ashish
Nandkumar, Anand
Telang, Rahul
[J]. INFORMATION SYSTEMS FRONTIERS, 2006, 8 (05) : 350 - 362
[8] Baltagi B.H., 2021, ECONOMETRIC ANAL PAN, DOI DOI 10.1007/978-3-030-53953-5
[9] REUSE AND PRODUCTIVITY IN INTEGRATED COMPUTER-AIDED SOFTWARE ENGINEERING - AN EMPIRICAL-STUDY
BANKER, RD
KAUFFMAN, RJ
[J]. MIS QUARTERLY, 1991, 15 (03) : 375 - 401
[10] Software development practices, software complexity, and software maintenance performance: A field study
Banker, RD
Davis, GB
Slaughter, SA
[J]. MANAGEMENT SCIENCE, 1998, 44 (04) : 433 - 450

← 1 2 3 4 5 →