Article type: Research Article
Authors: Xiong, Qiang [a],[*] | Lian, Shuai [a] | Zeng, Zhangying [b] | He, Runxin [c] | Zhu, Binxin [a] | Yang, Xinqi [a]
Affiliations: [a] School of Management, Jiangsu University, Zhenjiang, P.R. China | [b] Department of Technology and Science, Jiangsu University, Zhenjiang, P.R. China | [c] Baidu USA LLC, Bordeaux Drive, Sunnyvale, California, USA
Correspondence: [*] Corresponding author. Qiang Xiong, School of Management, Jiangsu University, Zhenjiang, 212013, P.R. China. E-mail: [email protected].
Abstract: Vulnerability patch R&D has become an important part of information security governance. Effective collaboration with software vendors in patch R&D is of great significance for reducing the time that information security risks exist. This work aims to explore the relationship between vulnerability information disclosure and the patch R&D of software vendors. Data on vulnerabilities and software vendors are gathered from third-party vulnerability sharing platforms, including China’s national information security vulnerability database (CNNVD) and Tianyacha.com. Based on the theory of organizational information processing, a linear regression model and a Cox proportional risk regression model are built to address the research questions. The results show that vulnerability disclosure on a third-party sharing platform can improve the patch R&D probability of software vendors. Information processing requirements, such as vulnerability information attention, vulnerability score, and whether vulnerabilities are disclosed in advance, accelerate vulnerability patch R&D. Enterprise information processing capability indicators, including the industry dependence of software product customers and the staff size of software vendors, accelerate patch R&D. The number of products affected by the vulnerabilities and the number of software copyrights held by software vendors have no significant impact on patch R&D.
Keywords: Patch R&D, vulnerability information disclosure, information processing theory, third-party vulnerability sharing platforms
DOI: 10.3233/JIFS-221316
Journal: Journal of Intelligent & Fuzzy Systems, vol. 44, no. 1, pp. 839-853, 2023