Optimal Policy for Software Vulnerability Disclosure

Authors: Ashish Arora, Rahul Telang, Hao Xu
Journal: Management Science
Software vulnerabilities represent a serious threat to cybersecurity; most cyberattacks exploit known vulnerabilities. Unfortunately, there is no agreed-upon policy for their disclosure. Disclosure policy (which sets a protected period given to a vendor to release the patch for the vulnerability) indirectly affects the speed and quality of the patch that a vendor develops. Thus, CERT/CC and similar bodies acting in the public interest can use disclosure to influence the behavior of vendors and reduce…
Highly Influential
This paper has highly influenced 11 other papers.
Highly Cited
This paper has 125 citations.


Publications citing this paper.
Showing 1-10 of 78 extracted citations

To disclose or not? An analysis of software user behavior

Information Economics and Policy • 2007
Highly Influenced

Network Software Security and User Incentives

Management Science • 2006
Highly Influenced

Strategic Aspects of Cyber Risk Information Sharing

ACM Comput. Surv. • 2017
Highly Influenced

126 Citations

Semantic Scholar estimates that this publication has 126 citations based on the available data.