Software Vulnerability Disclosure and its Impact on Exploitation: An Empirical Study

Authors

George A. Mangalaraj, The University of Texas at ArlingtonFollow
M. K. Raja, University of Texas at ArlingtonFollow

Abstract

In a networked world, computer systems are highly exposed to the attacks of worms / viruses. Many of these attacks stem from the vulnerabilities in the software code. One of the issues that plagues the information security area is the publicly available information about the vulnerabilities in popular software applications. This information has been put to good as well as bad use by people in the technical community. Software vendors and the anti-virus companies develop patches to resolve the software vulnerability. Hackers and virus writers make use of the same information to write malicious code to exploit the vulnerability. This exploratory study analyzes whether the information availability has an impact on the exploitation of the vulnerability. This study also considers some of the characteristics of the vulnerability information and its impact on the exploitation. Two of the factors thus considered, namely, the criticality, and cumulativeness of the vulnerability was found to have a significant impact on the actual exploitation.

Recommended Citation

Mangalaraj, George A. and Raja, M. K., "Software Vulnerability Disclosure and its Impact on Exploitation: An Empirical Study" (2005). AMCIS 2005 Proceedings. 273.
https://aisel.aisnet.org/amcis2005/273