The Impact of Immediate Disclosure on Attack Diffusion and Volume
A significant debate in the security industry revolves around the vulnerability disclosure policy. We investigate the effects of immediate disclosure through an empirical study that analyzes security alerts for 960 clients of an US based security service provider. We find that immediate disclosure of vulnerabilities reduces delay in the attack diffusion process and slightly increases penetration of attacks in the population of target systems but slightly decreases the overall the volume of attacks.
- 8.National Vulnerability Database (2008) http://nvd.nist.gov/ Accessed 23 Apr 2008
- 11.Ransbotham S, Mitra S, Ramsey J (2011) Are Markets for Vulnerabilities Effective? MIS Quarterly forthcomingGoogle Scholar
- 12.Rogers EM (2003) Diffusion of innovations, 5th edn. The Free Press, New York, NYGoogle Scholar