Start Date
10-12-2017 12:00 AM
Description
Prevention of cybersecurity exploitations requires the timely release of patches by software vendors for the vulnerabilities. While existing research has proposed theoretical models to explain vendors patch release behavior, the effect of sharing vulnerability information on social media has not been explored. An increased exposure of cybersecurity vulnerabilities on social media increases the exploitation risk of vulnerable systems. In this study, we propose a hazard model to determine the effect of increased social media exposure of vulnerability alerts on software vendors patch release time. Additionally, we examine the effect of contextual characteristics of cybersecurity vulnerabilities (i.e. security vulnerability characteristics and social media alert characteristics) on software vendors patch release time. This study contributes to social media hazard communication and cybersecurity vulnerability management literatures. The findings may help policy makers to strategize about social media disclosure. Further, software vendors might apply the insights to develop cybersecurity vulnerability prioritization and remediation framework.
Recommended Citation
Syed, Romilla, "Analyzing Software Vendors’ Patch Release Behavior in the Age of Social Media" (2017). ICIS 2017 Proceedings. 15.
https://aisel.aisnet.org/icis2017/Security/Presentations/15
Analyzing Software Vendors’ Patch Release Behavior in the Age of Social Media
Prevention of cybersecurity exploitations requires the timely release of patches by software vendors for the vulnerabilities. While existing research has proposed theoretical models to explain vendors patch release behavior, the effect of sharing vulnerability information on social media has not been explored. An increased exposure of cybersecurity vulnerabilities on social media increases the exploitation risk of vulnerable systems. In this study, we propose a hazard model to determine the effect of increased social media exposure of vulnerability alerts on software vendors patch release time. Additionally, we examine the effect of contextual characteristics of cybersecurity vulnerabilities (i.e. security vulnerability characteristics and social media alert characteristics) on software vendors patch release time. This study contributes to social media hazard communication and cybersecurity vulnerability management literatures. The findings may help policy makers to strategize about social media disclosure. Further, software vendors might apply the insights to develop cybersecurity vulnerability prioritization and remediation framework.