To Disclose or Not? An Analysis of Software User Behavior

D. Nizovtsev, Marie C. Thursby
DOI: 10.2139/ssrn.899863 (https://doi.org/10.2139/ssrn.899863)
Journal: Kauffman: Small Research Projects (Topic)
Publication date: 2006-04-30
Publication type: Journal Article
Citations: 27

Abstract

This paper addresses the ongoing debate over disclosing information about software vulnerabilities through an open public forum. Using a game-theoretic approach, we show that full public disclosure may be an equilibrium strategy in a game played by rational loss-minimizing agents. We provide conditions under which full public disclosure of vulnerabilities is desirable from a social welfare standpoint. We analyze the effect of several vendor and product characteristics and the composition of the pool of software users on the decisions to disclose and on social welfare. We also examine models in which users may spend effort to develop a fix or threaten vendors to disclose after a grace period. We show that to the extent that users are able to develop fixes for discovered vulnerabilities without inordinate effort, welfare is further improved. This is more likely the more familiar users are with the details of software, providing an argument for "open source" software.