Start Date
14-12-2012 12:00 AM
Description
With the nearly instantaneous spread of information in modern society, policies regarding the disclosure of sensitive information have become the focus of significant discussion. The fundamental debate centers on tradeoffs inherent in disclosing information that society needs, but that can also be used for nefarious purposes. Using information security as a research context, our empirical study compares attacks based on software vulnerabilities disclosed through full disclosure and limited disclosure mechanisms. We find that full disclosure accelerates the diffusion of attacks and increases the risk of first attack after the vulnerability is reported. Building off our theoretical insights, we discuss the implications of our findings on information disclosure in more general contexts.
Recommended Citation
Mitra, Sabyasachi and Ransbotham, Sam, "The Effects of Information Disclosure Policy on the Diffusion of Security Attacks" (2012). ICIS 2012 Proceedings. 4.
https://aisel.aisnet.org/icis2012/proceedings/ISSecurity/4