An Empirical Analysis of Vulnerability Disclosure Policies
Similar resources
The Effects of Vulnerability Disclosure Policy on the Diffusion of Security Attacks
With the nearly instantaneous spread of information in modern society, policies regarding the disclosure of information about security vulnerabilities have become the focus of significant discussion. The fundamental debate centers on tradeoffs inherent in disclosing information that security professionals need, but that can also be used for nefarious purposes. Our empirical study compares attac...
Does information security attack frequency increase with vulnerability disclosure? An empirical analysis
Research in information security, risk management and investment has grown in importance over the last few years. However, without reliable estimates on attack probabilities, risk management is difficult to do in practice. Using a novel data set, we provide estimates on attack propensity and how it changes with disclosure and patching of vulnerabilities. Disclosure of software vulnerability has...
Impact of Vulnerability Disclosure and Patch Availability - An Empirical Analysis
Vulnerability disclosure is an area of public policy that has been subject to considerable debate, particularly between proponents of full and instant disclosure, and those of limited or no disclosure. This paper is an attempt to empirically test the impact of vulnerability information disclosure and availability of patches on attackers’ tendency to exploit vulnerabilities on one hand and on th...
The Disclosure and Diffusion of Security Information
With the nearly instantaneous dissemination of information in the modern era, policies regarding the disclosure of sensitive information have become the focus of significant discussion in several contexts. The fundamental debate centers on tradeoffs inherent in disclosing information that society needs, but that can also be used for nefarious purposes. Using information security as a research c...
An Empirical Analysis of Vendor Response to Disclosure Policy
Software vulnerability disclosure has generated intense interest and debate. In particular, there have been arguments made both in opposition to and in favor of alternatives such as full and instant disclosure and limited or no disclosure. An important consideration in this debate is the behavior of the software vendor. Does vulnerability disclosure policy have an effect on patch release behavi...