Measuring the Cost of Software Vulnerabilities
Enterprises are increasingly considering security as an added cost, making it necessary for those enterprises to see a tangible incentive in adopting security measures. Despite data breach laws, prior studies have suggested that only 4% of reported data breach incidents have resulted in litigation i...
Ausführliche Beschreibung
Autor*in: |
Afsah Anwar [verfasserIn] Aminollah Khormali [verfasserIn] Jinchun Choi [verfasserIn] Hisham Alasmary [verfasserIn] Sung Choi [verfasserIn] Saeed Salem [verfasserIn] DaeHun Nyang [verfasserIn] David Mohaisen [verfasserIn] |
---|
Format: |
E-Artikel |
---|---|
Sprache: |
Englisch |
Erschienen: |
2020 |
---|
Schlagwörter: |
---|
Übergeordnetes Werk: |
In: EAI Endorsed Transactions on Security and Safety - European Alliance for Innovation (EAI), 2016, 7(2020), 23 |
---|---|
Übergeordnetes Werk: |
volume:7 ; year:2020 ; number:23 |
Links: |
---|
DOI / URN: |
10.4108/eai.13-7-2018.164551 |
---|
Katalog-ID: |
DOAJ005754739 |
---|
LEADER | 01000caa a22002652 4500 | ||
---|---|---|---|
001 | DOAJ005754739 | ||
003 | DE-627 | ||
005 | 20230309194246.0 | ||
007 | cr uuu---uuuuu | ||
008 | 230225s2020 xx |||||o 00| ||eng c | ||
024 | 7 | |a 10.4108/eai.13-7-2018.164551 |2 doi | |
035 | |a (DE-627)DOAJ005754739 | ||
035 | |a (DE-599)DOAJ6e39bbbab3e74274b65b5d6d1818f07e | ||
040 | |a DE-627 |b ger |c DE-627 |e rakwb | ||
041 | |a eng | ||
100 | 0 | |a Afsah Anwar |e verfasserin |4 aut | |
245 | 1 | 0 | |a Measuring the Cost of Software Vulnerabilities |
264 | 1 | |c 2020 | |
336 | |a Text |b txt |2 rdacontent | ||
337 | |a Computermedien |b c |2 rdamedia | ||
338 | |a Online-Ressource |b cr |2 rdacarrier | ||
520 | |a Enterprises are increasingly considering security as an added cost, making it necessary for those enterprises to see a tangible incentive in adopting security measures. Despite data breach laws, prior studies have suggested that only 4% of reported data breach incidents have resulted in litigation in federal courts, showing the limited legal ramifications of security breaches and vulnerabilities. In this paper, we study the hidden cost of software vulnerabilities reported in the National Vulnerability Database (NVD) through stock price analysis. We perform a high-fidelity data augmentation to ensure data reliability and to estimate vulnerability disclosure dates as a baseline for estimating the implication of software vulnerabilities. We further build a model for stock price prediction using the nonlinear autoregressive neural network with exogenous factors (NARX) Neural Network model to estimate the effect of vulnerability disclosure on the stock price. Compared to prior work, which relies on linear regression models, our approach is shown to provide better prediction performance. Our analysis also shows that the effect of vulnerabilities on vendors varies, and greatly depends on the specific software industry. Whereas some industries are shown statistically to be affected negatively by the release of software vulnerabilities, even when those vulnerabilities are not broadly covered by the media, some others were not affected at all. | ||
650 | 4 | |a vulnerability economics | |
650 | 4 | |a stock return prediction | |
650 | 4 | |a nvd | |
653 | 0 | |a Technology | |
653 | 0 | |a T | |
700 | 0 | |a Aminollah Khormali |e verfasserin |4 aut | |
700 | 0 | |a Jinchun Choi |e verfasserin |4 aut | |
700 | 0 | |a Hisham Alasmary |e verfasserin |4 aut | |
700 | 0 | |a Sung Choi |e verfasserin |4 aut | |
700 | 0 | |a Saeed Salem |e verfasserin |4 aut | |
700 | 0 | |a DaeHun Nyang |e verfasserin |4 aut | |
700 | 0 | |a David Mohaisen |e verfasserin |4 aut | |
773 | 0 | 8 | |i In |t EAI Endorsed Transactions on Security and Safety |d European Alliance for Innovation (EAI), 2016 |g 7(2020), 23 |w (DE-627)1685371272 |x 20329393 |7 nnns |
773 | 1 | 8 | |g volume:7 |g year:2020 |g number:23 |
856 | 4 | 0 | |u https://doi.org/10.4108/eai.13-7-2018.164551 |z kostenfrei |
856 | 4 | 0 | |u https://doaj.org/article/6e39bbbab3e74274b65b5d6d1818f07e |z kostenfrei |
856 | 4 | 0 | |u https://eudl.eu/pdf/10.4108/eai.13-7-2018.164551 |z kostenfrei |
856 | 4 | 2 | |u https://doaj.org/toc/2032-9393 |y Journal toc |z kostenfrei |
912 | |a GBV_USEFLAG_A | ||
912 | |a SYSFLAG_A | ||
912 | |a GBV_DOAJ | ||
912 | |a GBV_ILN_11 | ||
912 | |a GBV_ILN_20 | ||
912 | |a GBV_ILN_22 | ||
912 | |a GBV_ILN_23 | ||
912 | |a GBV_ILN_24 | ||
912 | |a GBV_ILN_31 | ||
912 | |a GBV_ILN_39 | ||
912 | |a GBV_ILN_40 | ||
912 | |a GBV_ILN_60 | ||
912 | |a GBV_ILN_62 | ||
912 | |a GBV_ILN_63 | ||
912 | |a GBV_ILN_65 | ||
912 | |a GBV_ILN_69 | ||
912 | |a GBV_ILN_70 | ||
912 | |a GBV_ILN_73 | ||
912 | |a GBV_ILN_95 | ||
912 | |a GBV_ILN_105 | ||
912 | |a GBV_ILN_110 | ||
912 | |a GBV_ILN_151 | ||
912 | |a GBV_ILN_161 | ||
912 | |a GBV_ILN_206 | ||
912 | |a GBV_ILN_213 | ||
912 | |a GBV_ILN_230 | ||
912 | |a GBV_ILN_285 | ||
912 | |a GBV_ILN_293 | ||
912 | |a GBV_ILN_370 | ||
912 | |a GBV_ILN_602 | ||
912 | |a GBV_ILN_2014 | ||
912 | |a GBV_ILN_4012 | ||
912 | |a GBV_ILN_4037 | ||
912 | |a GBV_ILN_4112 | ||
912 | |a GBV_ILN_4125 | ||
912 | |a GBV_ILN_4126 | ||
912 | |a GBV_ILN_4249 | ||
912 | |a GBV_ILN_4305 | ||
912 | |a GBV_ILN_4306 | ||
912 | |a GBV_ILN_4307 | ||
912 | |a GBV_ILN_4313 | ||
912 | |a GBV_ILN_4322 | ||
912 | |a GBV_ILN_4323 | ||
912 | |a GBV_ILN_4324 | ||
912 | |a GBV_ILN_4325 | ||
912 | |a GBV_ILN_4326 | ||
912 | |a GBV_ILN_4335 | ||
912 | |a GBV_ILN_4338 | ||
912 | |a GBV_ILN_4367 | ||
912 | |a GBV_ILN_4700 | ||
951 | |a AR | ||
952 | |d 7 |j 2020 |e 23 |
author_variant |
a a aa a k ak j c jc h a ha s c sc s s ss d n dn d m dm |
---|---|
matchkey_str |
article:20329393:2020----::esrnteotfotaeun |
hierarchy_sort_str |
2020 |
publishDate |
2020 |
allfields |
10.4108/eai.13-7-2018.164551 doi (DE-627)DOAJ005754739 (DE-599)DOAJ6e39bbbab3e74274b65b5d6d1818f07e DE-627 ger DE-627 rakwb eng Afsah Anwar verfasserin aut Measuring the Cost of Software Vulnerabilities 2020 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Enterprises are increasingly considering security as an added cost, making it necessary for those enterprises to see a tangible incentive in adopting security measures. Despite data breach laws, prior studies have suggested that only 4% of reported data breach incidents have resulted in litigation in federal courts, showing the limited legal ramifications of security breaches and vulnerabilities. In this paper, we study the hidden cost of software vulnerabilities reported in the National Vulnerability Database (NVD) through stock price analysis. We perform a high-fidelity data augmentation to ensure data reliability and to estimate vulnerability disclosure dates as a baseline for estimating the implication of software vulnerabilities. We further build a model for stock price prediction using the nonlinear autoregressive neural network with exogenous factors (NARX) Neural Network model to estimate the effect of vulnerability disclosure on the stock price. Compared to prior work, which relies on linear regression models, our approach is shown to provide better prediction performance. Our analysis also shows that the effect of vulnerabilities on vendors varies, and greatly depends on the specific software industry. Whereas some industries are shown statistically to be affected negatively by the release of software vulnerabilities, even when those vulnerabilities are not broadly covered by the media, some others were not affected at all. vulnerability economics stock return prediction nvd Technology T Aminollah Khormali verfasserin aut Jinchun Choi verfasserin aut Hisham Alasmary verfasserin aut Sung Choi verfasserin aut Saeed Salem verfasserin aut DaeHun Nyang verfasserin aut David Mohaisen verfasserin aut In EAI Endorsed Transactions on Security and Safety European Alliance for Innovation (EAI), 2016 7(2020), 23 (DE-627)1685371272 20329393 nnns volume:7 year:2020 number:23 https://doi.org/10.4108/eai.13-7-2018.164551 kostenfrei https://doaj.org/article/6e39bbbab3e74274b65b5d6d1818f07e kostenfrei https://eudl.eu/pdf/10.4108/eai.13-7-2018.164551 kostenfrei https://doaj.org/toc/2032-9393 Journal toc kostenfrei GBV_USEFLAG_A SYSFLAG_A GBV_DOAJ GBV_ILN_11 GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_63 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_95 GBV_ILN_105 GBV_ILN_110 GBV_ILN_151 GBV_ILN_161 GBV_ILN_206 GBV_ILN_213 GBV_ILN_230 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_2014 GBV_ILN_4012 GBV_ILN_4037 GBV_ILN_4112 GBV_ILN_4125 GBV_ILN_4126 GBV_ILN_4249 GBV_ILN_4305 GBV_ILN_4306 GBV_ILN_4307 GBV_ILN_4313 GBV_ILN_4322 GBV_ILN_4323 GBV_ILN_4324 GBV_ILN_4325 GBV_ILN_4326 GBV_ILN_4335 GBV_ILN_4338 GBV_ILN_4367 GBV_ILN_4700 AR 7 2020 23 |
spelling |
10.4108/eai.13-7-2018.164551 doi (DE-627)DOAJ005754739 (DE-599)DOAJ6e39bbbab3e74274b65b5d6d1818f07e DE-627 ger DE-627 rakwb eng Afsah Anwar verfasserin aut Measuring the Cost of Software Vulnerabilities 2020 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Enterprises are increasingly considering security as an added cost, making it necessary for those enterprises to see a tangible incentive in adopting security measures. Despite data breach laws, prior studies have suggested that only 4% of reported data breach incidents have resulted in litigation in federal courts, showing the limited legal ramifications of security breaches and vulnerabilities. In this paper, we study the hidden cost of software vulnerabilities reported in the National Vulnerability Database (NVD) through stock price analysis. We perform a high-fidelity data augmentation to ensure data reliability and to estimate vulnerability disclosure dates as a baseline for estimating the implication of software vulnerabilities. We further build a model for stock price prediction using the nonlinear autoregressive neural network with exogenous factors (NARX) Neural Network model to estimate the effect of vulnerability disclosure on the stock price. Compared to prior work, which relies on linear regression models, our approach is shown to provide better prediction performance. Our analysis also shows that the effect of vulnerabilities on vendors varies, and greatly depends on the specific software industry. Whereas some industries are shown statistically to be affected negatively by the release of software vulnerabilities, even when those vulnerabilities are not broadly covered by the media, some others were not affected at all. vulnerability economics stock return prediction nvd Technology T Aminollah Khormali verfasserin aut Jinchun Choi verfasserin aut Hisham Alasmary verfasserin aut Sung Choi verfasserin aut Saeed Salem verfasserin aut DaeHun Nyang verfasserin aut David Mohaisen verfasserin aut In EAI Endorsed Transactions on Security and Safety European Alliance for Innovation (EAI), 2016 7(2020), 23 (DE-627)1685371272 20329393 nnns volume:7 year:2020 number:23 https://doi.org/10.4108/eai.13-7-2018.164551 kostenfrei https://doaj.org/article/6e39bbbab3e74274b65b5d6d1818f07e kostenfrei https://eudl.eu/pdf/10.4108/eai.13-7-2018.164551 kostenfrei https://doaj.org/toc/2032-9393 Journal toc kostenfrei GBV_USEFLAG_A SYSFLAG_A GBV_DOAJ GBV_ILN_11 GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_63 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_95 GBV_ILN_105 GBV_ILN_110 GBV_ILN_151 GBV_ILN_161 GBV_ILN_206 GBV_ILN_213 GBV_ILN_230 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_2014 GBV_ILN_4012 GBV_ILN_4037 GBV_ILN_4112 GBV_ILN_4125 GBV_ILN_4126 GBV_ILN_4249 GBV_ILN_4305 GBV_ILN_4306 GBV_ILN_4307 GBV_ILN_4313 GBV_ILN_4322 GBV_ILN_4323 GBV_ILN_4324 GBV_ILN_4325 GBV_ILN_4326 GBV_ILN_4335 GBV_ILN_4338 GBV_ILN_4367 GBV_ILN_4700 AR 7 2020 23 |
allfields_unstemmed |
10.4108/eai.13-7-2018.164551 doi (DE-627)DOAJ005754739 (DE-599)DOAJ6e39bbbab3e74274b65b5d6d1818f07e DE-627 ger DE-627 rakwb eng Afsah Anwar verfasserin aut Measuring the Cost of Software Vulnerabilities 2020 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Enterprises are increasingly considering security as an added cost, making it necessary for those enterprises to see a tangible incentive in adopting security measures. Despite data breach laws, prior studies have suggested that only 4% of reported data breach incidents have resulted in litigation in federal courts, showing the limited legal ramifications of security breaches and vulnerabilities. In this paper, we study the hidden cost of software vulnerabilities reported in the National Vulnerability Database (NVD) through stock price analysis. We perform a high-fidelity data augmentation to ensure data reliability and to estimate vulnerability disclosure dates as a baseline for estimating the implication of software vulnerabilities. We further build a model for stock price prediction using the nonlinear autoregressive neural network with exogenous factors (NARX) Neural Network model to estimate the effect of vulnerability disclosure on the stock price. Compared to prior work, which relies on linear regression models, our approach is shown to provide better prediction performance. Our analysis also shows that the effect of vulnerabilities on vendors varies, and greatly depends on the specific software industry. Whereas some industries are shown statistically to be affected negatively by the release of software vulnerabilities, even when those vulnerabilities are not broadly covered by the media, some others were not affected at all. vulnerability economics stock return prediction nvd Technology T Aminollah Khormali verfasserin aut Jinchun Choi verfasserin aut Hisham Alasmary verfasserin aut Sung Choi verfasserin aut Saeed Salem verfasserin aut DaeHun Nyang verfasserin aut David Mohaisen verfasserin aut In EAI Endorsed Transactions on Security and Safety European Alliance for Innovation (EAI), 2016 7(2020), 23 (DE-627)1685371272 20329393 nnns volume:7 year:2020 number:23 https://doi.org/10.4108/eai.13-7-2018.164551 kostenfrei https://doaj.org/article/6e39bbbab3e74274b65b5d6d1818f07e kostenfrei https://eudl.eu/pdf/10.4108/eai.13-7-2018.164551 kostenfrei https://doaj.org/toc/2032-9393 Journal toc kostenfrei GBV_USEFLAG_A SYSFLAG_A GBV_DOAJ GBV_ILN_11 GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_63 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_95 GBV_ILN_105 GBV_ILN_110 GBV_ILN_151 GBV_ILN_161 GBV_ILN_206 GBV_ILN_213 GBV_ILN_230 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_2014 GBV_ILN_4012 GBV_ILN_4037 GBV_ILN_4112 GBV_ILN_4125 GBV_ILN_4126 GBV_ILN_4249 GBV_ILN_4305 GBV_ILN_4306 GBV_ILN_4307 GBV_ILN_4313 GBV_ILN_4322 GBV_ILN_4323 GBV_ILN_4324 GBV_ILN_4325 GBV_ILN_4326 GBV_ILN_4335 GBV_ILN_4338 GBV_ILN_4367 GBV_ILN_4700 AR 7 2020 23 |
allfieldsGer |
10.4108/eai.13-7-2018.164551 doi (DE-627)DOAJ005754739 (DE-599)DOAJ6e39bbbab3e74274b65b5d6d1818f07e DE-627 ger DE-627 rakwb eng Afsah Anwar verfasserin aut Measuring the Cost of Software Vulnerabilities 2020 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Enterprises are increasingly considering security as an added cost, making it necessary for those enterprises to see a tangible incentive in adopting security measures. Despite data breach laws, prior studies have suggested that only 4% of reported data breach incidents have resulted in litigation in federal courts, showing the limited legal ramifications of security breaches and vulnerabilities. In this paper, we study the hidden cost of software vulnerabilities reported in the National Vulnerability Database (NVD) through stock price analysis. We perform a high-fidelity data augmentation to ensure data reliability and to estimate vulnerability disclosure dates as a baseline for estimating the implication of software vulnerabilities. We further build a model for stock price prediction using the nonlinear autoregressive neural network with exogenous factors (NARX) Neural Network model to estimate the effect of vulnerability disclosure on the stock price. Compared to prior work, which relies on linear regression models, our approach is shown to provide better prediction performance. Our analysis also shows that the effect of vulnerabilities on vendors varies, and greatly depends on the specific software industry. Whereas some industries are shown statistically to be affected negatively by the release of software vulnerabilities, even when those vulnerabilities are not broadly covered by the media, some others were not affected at all. vulnerability economics stock return prediction nvd Technology T Aminollah Khormali verfasserin aut Jinchun Choi verfasserin aut Hisham Alasmary verfasserin aut Sung Choi verfasserin aut Saeed Salem verfasserin aut DaeHun Nyang verfasserin aut David Mohaisen verfasserin aut In EAI Endorsed Transactions on Security and Safety European Alliance for Innovation (EAI), 2016 7(2020), 23 (DE-627)1685371272 20329393 nnns volume:7 year:2020 number:23 https://doi.org/10.4108/eai.13-7-2018.164551 kostenfrei https://doaj.org/article/6e39bbbab3e74274b65b5d6d1818f07e kostenfrei https://eudl.eu/pdf/10.4108/eai.13-7-2018.164551 kostenfrei https://doaj.org/toc/2032-9393 Journal toc kostenfrei GBV_USEFLAG_A SYSFLAG_A GBV_DOAJ GBV_ILN_11 GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_63 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_95 GBV_ILN_105 GBV_ILN_110 GBV_ILN_151 GBV_ILN_161 GBV_ILN_206 GBV_ILN_213 GBV_ILN_230 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_2014 GBV_ILN_4012 GBV_ILN_4037 GBV_ILN_4112 GBV_ILN_4125 GBV_ILN_4126 GBV_ILN_4249 GBV_ILN_4305 GBV_ILN_4306 GBV_ILN_4307 GBV_ILN_4313 GBV_ILN_4322 GBV_ILN_4323 GBV_ILN_4324 GBV_ILN_4325 GBV_ILN_4326 GBV_ILN_4335 GBV_ILN_4338 GBV_ILN_4367 GBV_ILN_4700 AR 7 2020 23 |
allfieldsSound |
10.4108/eai.13-7-2018.164551 doi (DE-627)DOAJ005754739 (DE-599)DOAJ6e39bbbab3e74274b65b5d6d1818f07e DE-627 ger DE-627 rakwb eng Afsah Anwar verfasserin aut Measuring the Cost of Software Vulnerabilities 2020 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Enterprises are increasingly considering security as an added cost, making it necessary for those enterprises to see a tangible incentive in adopting security measures. Despite data breach laws, prior studies have suggested that only 4% of reported data breach incidents have resulted in litigation in federal courts, showing the limited legal ramifications of security breaches and vulnerabilities. In this paper, we study the hidden cost of software vulnerabilities reported in the National Vulnerability Database (NVD) through stock price analysis. We perform a high-fidelity data augmentation to ensure data reliability and to estimate vulnerability disclosure dates as a baseline for estimating the implication of software vulnerabilities. We further build a model for stock price prediction using the nonlinear autoregressive neural network with exogenous factors (NARX) Neural Network model to estimate the effect of vulnerability disclosure on the stock price. Compared to prior work, which relies on linear regression models, our approach is shown to provide better prediction performance. Our analysis also shows that the effect of vulnerabilities on vendors varies, and greatly depends on the specific software industry. Whereas some industries are shown statistically to be affected negatively by the release of software vulnerabilities, even when those vulnerabilities are not broadly covered by the media, some others were not affected at all. vulnerability economics stock return prediction nvd Technology T Aminollah Khormali verfasserin aut Jinchun Choi verfasserin aut Hisham Alasmary verfasserin aut Sung Choi verfasserin aut Saeed Salem verfasserin aut DaeHun Nyang verfasserin aut David Mohaisen verfasserin aut In EAI Endorsed Transactions on Security and Safety European Alliance for Innovation (EAI), 2016 7(2020), 23 (DE-627)1685371272 20329393 nnns volume:7 year:2020 number:23 https://doi.org/10.4108/eai.13-7-2018.164551 kostenfrei https://doaj.org/article/6e39bbbab3e74274b65b5d6d1818f07e kostenfrei https://eudl.eu/pdf/10.4108/eai.13-7-2018.164551 kostenfrei https://doaj.org/toc/2032-9393 Journal toc kostenfrei GBV_USEFLAG_A SYSFLAG_A GBV_DOAJ GBV_ILN_11 GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_63 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_95 GBV_ILN_105 GBV_ILN_110 GBV_ILN_151 GBV_ILN_161 GBV_ILN_206 GBV_ILN_213 GBV_ILN_230 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_2014 GBV_ILN_4012 GBV_ILN_4037 GBV_ILN_4112 GBV_ILN_4125 GBV_ILN_4126 GBV_ILN_4249 GBV_ILN_4305 GBV_ILN_4306 GBV_ILN_4307 GBV_ILN_4313 GBV_ILN_4322 GBV_ILN_4323 GBV_ILN_4324 GBV_ILN_4325 GBV_ILN_4326 GBV_ILN_4335 GBV_ILN_4338 GBV_ILN_4367 GBV_ILN_4700 AR 7 2020 23 |
language |
English |
source |
In EAI Endorsed Transactions on Security and Safety 7(2020), 23 volume:7 year:2020 number:23 |
sourceStr |
In EAI Endorsed Transactions on Security and Safety 7(2020), 23 volume:7 year:2020 number:23 |
format_phy_str_mv |
Article |
institution |
findex.gbv.de |
topic_facet |
vulnerability economics stock return prediction nvd Technology T |
isfreeaccess_bool |
true |
container_title |
EAI Endorsed Transactions on Security and Safety |
authorswithroles_txt_mv |
Afsah Anwar @@aut@@ Aminollah Khormali @@aut@@ Jinchun Choi @@aut@@ Hisham Alasmary @@aut@@ Sung Choi @@aut@@ Saeed Salem @@aut@@ DaeHun Nyang @@aut@@ David Mohaisen @@aut@@ |
publishDateDaySort_date |
2020-01-01T00:00:00Z |
hierarchy_top_id |
1685371272 |
id |
DOAJ005754739 |
language_de |
englisch |
fullrecord |
<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01000caa a22002652 4500</leader><controlfield tag="001">DOAJ005754739</controlfield><controlfield tag="003">DE-627</controlfield><controlfield tag="005">20230309194246.0</controlfield><controlfield tag="007">cr uuu---uuuuu</controlfield><controlfield tag="008">230225s2020 xx |||||o 00| ||eng c</controlfield><datafield tag="024" ind1="7" ind2=" "><subfield code="a">10.4108/eai.13-7-2018.164551</subfield><subfield code="2">doi</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627)DOAJ005754739</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)DOAJ6e39bbbab3e74274b65b5d6d1818f07e</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rakwb</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="100" ind1="0" ind2=" "><subfield code="a">Afsah Anwar</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Measuring the Cost of Software Vulnerabilities</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="c">2020</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">Computermedien</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">Online-Ressource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Enterprises are increasingly considering security as an added cost, making it necessary for those enterprises to see a tangible incentive in adopting security measures. Despite data breach laws, prior studies have suggested that only 4% of reported data breach incidents have resulted in litigation in federal courts, showing the limited legal ramifications of security breaches and vulnerabilities. In this paper, we study the hidden cost of software vulnerabilities reported in the National Vulnerability Database (NVD) through stock price analysis. We perform a high-fidelity data augmentation to ensure data reliability and to estimate vulnerability disclosure dates as a baseline for estimating the implication of software vulnerabilities. We further build a model for stock price prediction using the nonlinear autoregressive neural network with exogenous factors (NARX) Neural Network model to estimate the effect of vulnerability disclosure on the stock price. Compared to prior work, which relies on linear regression models, our approach is shown to provide better prediction performance. Our analysis also shows that the effect of vulnerabilities on vendors varies, and greatly depends on the specific software industry. Whereas some industries are shown statistically to be affected negatively by the release of software vulnerabilities, even when those vulnerabilities are not broadly covered by the media, some others were not affected at all.</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">vulnerability economics</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">stock return prediction</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">nvd</subfield></datafield><datafield tag="653" ind1=" " ind2="0"><subfield code="a">Technology</subfield></datafield><datafield tag="653" ind1=" " ind2="0"><subfield code="a">T</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">Aminollah Khormali</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">Jinchun Choi</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">Hisham Alasmary</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">Sung Choi</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">Saeed Salem</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">DaeHun Nyang</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">David Mohaisen</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="773" ind1="0" ind2="8"><subfield code="i">In</subfield><subfield code="t">EAI Endorsed Transactions on Security and Safety</subfield><subfield code="d">European Alliance for Innovation (EAI), 2016</subfield><subfield code="g">7(2020), 23</subfield><subfield code="w">(DE-627)1685371272</subfield><subfield code="x">20329393</subfield><subfield code="7">nnns</subfield></datafield><datafield tag="773" ind1="1" ind2="8"><subfield code="g">volume:7</subfield><subfield code="g">year:2020</subfield><subfield code="g">number:23</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">https://doi.org/10.4108/eai.13-7-2018.164551</subfield><subfield code="z">kostenfrei</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">https://doaj.org/article/6e39bbbab3e74274b65b5d6d1818f07e</subfield><subfield code="z">kostenfrei</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">https://eudl.eu/pdf/10.4108/eai.13-7-2018.164551</subfield><subfield code="z">kostenfrei</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="u">https://doaj.org/toc/2032-9393</subfield><subfield code="y">Journal toc</subfield><subfield code="z">kostenfrei</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_USEFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SYSFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_DOAJ</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_11</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_20</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_22</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_23</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_24</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_31</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_39</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_40</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_60</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_62</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_63</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_65</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_69</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_70</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_73</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_95</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_105</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_110</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_151</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_161</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_206</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_213</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_230</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_285</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_293</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_370</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_602</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2014</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4012</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4037</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4112</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4125</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4126</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4249</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4305</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4306</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4307</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4313</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4322</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4323</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4324</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4325</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4326</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4335</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4338</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4367</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4700</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">AR</subfield></datafield><datafield tag="952" ind1=" " ind2=" "><subfield code="d">7</subfield><subfield code="j">2020</subfield><subfield code="e">23</subfield></datafield></record></collection>
|
author |
Afsah Anwar |
spellingShingle |
Afsah Anwar misc vulnerability economics misc stock return prediction misc nvd misc Technology misc T Measuring the Cost of Software Vulnerabilities |
authorStr |
Afsah Anwar |
ppnlink_with_tag_str_mv |
@@773@@(DE-627)1685371272 |
format |
electronic Article |
delete_txt_mv |
keep |
author_role |
aut aut aut aut aut aut aut aut |
collection |
DOAJ |
remote_str |
true |
illustrated |
Not Illustrated |
issn |
20329393 |
topic_title |
Measuring the Cost of Software Vulnerabilities vulnerability economics stock return prediction nvd |
topic |
misc vulnerability economics misc stock return prediction misc nvd misc Technology misc T |
topic_unstemmed |
misc vulnerability economics misc stock return prediction misc nvd misc Technology misc T |
topic_browse |
misc vulnerability economics misc stock return prediction misc nvd misc Technology misc T |
format_facet |
Elektronische Aufsätze Aufsätze Elektronische Ressource |
format_main_str_mv |
Text Zeitschrift/Artikel |
carriertype_str_mv |
cr |
hierarchy_parent_title |
EAI Endorsed Transactions on Security and Safety |
hierarchy_parent_id |
1685371272 |
hierarchy_top_title |
EAI Endorsed Transactions on Security and Safety |
isfreeaccess_txt |
true |
familylinks_str_mv |
(DE-627)1685371272 |
title |
Measuring the Cost of Software Vulnerabilities |
ctrlnum |
(DE-627)DOAJ005754739 (DE-599)DOAJ6e39bbbab3e74274b65b5d6d1818f07e |
title_full |
Measuring the Cost of Software Vulnerabilities |
author_sort |
Afsah Anwar |
journal |
EAI Endorsed Transactions on Security and Safety |
journalStr |
EAI Endorsed Transactions on Security and Safety |
lang_code |
eng |
isOA_bool |
true |
recordtype |
marc |
publishDateSort |
2020 |
contenttype_str_mv |
txt |
author_browse |
Afsah Anwar Aminollah Khormali Jinchun Choi Hisham Alasmary Sung Choi Saeed Salem DaeHun Nyang David Mohaisen |
container_volume |
7 |
format_se |
Elektronische Aufsätze |
author-letter |
Afsah Anwar |
doi_str_mv |
10.4108/eai.13-7-2018.164551 |
author2-role |
verfasserin |
title_sort |
measuring the cost of software vulnerabilities |
title_auth |
Measuring the Cost of Software Vulnerabilities |
abstract |
Enterprises are increasingly considering security as an added cost, making it necessary for those enterprises to see a tangible incentive in adopting security measures. Despite data breach laws, prior studies have suggested that only 4% of reported data breach incidents have resulted in litigation in federal courts, showing the limited legal ramifications of security breaches and vulnerabilities. In this paper, we study the hidden cost of software vulnerabilities reported in the National Vulnerability Database (NVD) through stock price analysis. We perform a high-fidelity data augmentation to ensure data reliability and to estimate vulnerability disclosure dates as a baseline for estimating the implication of software vulnerabilities. We further build a model for stock price prediction using the nonlinear autoregressive neural network with exogenous factors (NARX) Neural Network model to estimate the effect of vulnerability disclosure on the stock price. Compared to prior work, which relies on linear regression models, our approach is shown to provide better prediction performance. Our analysis also shows that the effect of vulnerabilities on vendors varies, and greatly depends on the specific software industry. Whereas some industries are shown statistically to be affected negatively by the release of software vulnerabilities, even when those vulnerabilities are not broadly covered by the media, some others were not affected at all. |
abstractGer |
Enterprises are increasingly considering security as an added cost, making it necessary for those enterprises to see a tangible incentive in adopting security measures. Despite data breach laws, prior studies have suggested that only 4% of reported data breach incidents have resulted in litigation in federal courts, showing the limited legal ramifications of security breaches and vulnerabilities. In this paper, we study the hidden cost of software vulnerabilities reported in the National Vulnerability Database (NVD) through stock price analysis. We perform a high-fidelity data augmentation to ensure data reliability and to estimate vulnerability disclosure dates as a baseline for estimating the implication of software vulnerabilities. We further build a model for stock price prediction using the nonlinear autoregressive neural network with exogenous factors (NARX) Neural Network model to estimate the effect of vulnerability disclosure on the stock price. Compared to prior work, which relies on linear regression models, our approach is shown to provide better prediction performance. Our analysis also shows that the effect of vulnerabilities on vendors varies, and greatly depends on the specific software industry. Whereas some industries are shown statistically to be affected negatively by the release of software vulnerabilities, even when those vulnerabilities are not broadly covered by the media, some others were not affected at all. |
abstract_unstemmed |
Enterprises are increasingly considering security as an added cost, making it necessary for those enterprises to see a tangible incentive in adopting security measures. Despite data breach laws, prior studies have suggested that only 4% of reported data breach incidents have resulted in litigation in federal courts, showing the limited legal ramifications of security breaches and vulnerabilities. In this paper, we study the hidden cost of software vulnerabilities reported in the National Vulnerability Database (NVD) through stock price analysis. We perform a high-fidelity data augmentation to ensure data reliability and to estimate vulnerability disclosure dates as a baseline for estimating the implication of software vulnerabilities. We further build a model for stock price prediction using the nonlinear autoregressive neural network with exogenous factors (NARX) Neural Network model to estimate the effect of vulnerability disclosure on the stock price. Compared to prior work, which relies on linear regression models, our approach is shown to provide better prediction performance. Our analysis also shows that the effect of vulnerabilities on vendors varies, and greatly depends on the specific software industry. Whereas some industries are shown statistically to be affected negatively by the release of software vulnerabilities, even when those vulnerabilities are not broadly covered by the media, some others were not affected at all. |
collection_details |
GBV_USEFLAG_A SYSFLAG_A GBV_DOAJ GBV_ILN_11 GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_63 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_95 GBV_ILN_105 GBV_ILN_110 GBV_ILN_151 GBV_ILN_161 GBV_ILN_206 GBV_ILN_213 GBV_ILN_230 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_2014 GBV_ILN_4012 GBV_ILN_4037 GBV_ILN_4112 GBV_ILN_4125 GBV_ILN_4126 GBV_ILN_4249 GBV_ILN_4305 GBV_ILN_4306 GBV_ILN_4307 GBV_ILN_4313 GBV_ILN_4322 GBV_ILN_4323 GBV_ILN_4324 GBV_ILN_4325 GBV_ILN_4326 GBV_ILN_4335 GBV_ILN_4338 GBV_ILN_4367 GBV_ILN_4700 |
container_issue |
23 |
title_short |
Measuring the Cost of Software Vulnerabilities |
url |
https://doi.org/10.4108/eai.13-7-2018.164551 https://doaj.org/article/6e39bbbab3e74274b65b5d6d1818f07e https://eudl.eu/pdf/10.4108/eai.13-7-2018.164551 https://doaj.org/toc/2032-9393 |
remote_bool |
true |
author2 |
Aminollah Khormali Jinchun Choi Hisham Alasmary Sung Choi Saeed Salem DaeHun Nyang David Mohaisen |
author2Str |
Aminollah Khormali Jinchun Choi Hisham Alasmary Sung Choi Saeed Salem DaeHun Nyang David Mohaisen |
ppnlink |
1685371272 |
mediatype_str_mv |
c |
isOA_txt |
true |
hochschulschrift_bool |
false |
doi_str |
10.4108/eai.13-7-2018.164551 |
up_date |
2024-07-03T16:55:15.002Z |
_version_ |
1803577684139180032 |
fullrecord_marcxml |
<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01000caa a22002652 4500</leader><controlfield tag="001">DOAJ005754739</controlfield><controlfield tag="003">DE-627</controlfield><controlfield tag="005">20230309194246.0</controlfield><controlfield tag="007">cr uuu---uuuuu</controlfield><controlfield tag="008">230225s2020 xx |||||o 00| ||eng c</controlfield><datafield tag="024" ind1="7" ind2=" "><subfield code="a">10.4108/eai.13-7-2018.164551</subfield><subfield code="2">doi</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627)DOAJ005754739</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)DOAJ6e39bbbab3e74274b65b5d6d1818f07e</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rakwb</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="100" ind1="0" ind2=" "><subfield code="a">Afsah Anwar</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Measuring the Cost of Software Vulnerabilities</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="c">2020</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">Computermedien</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">Online-Ressource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Enterprises are increasingly considering security as an added cost, making it necessary for those enterprises to see a tangible incentive in adopting security measures. Despite data breach laws, prior studies have suggested that only 4% of reported data breach incidents have resulted in litigation in federal courts, showing the limited legal ramifications of security breaches and vulnerabilities. In this paper, we study the hidden cost of software vulnerabilities reported in the National Vulnerability Database (NVD) through stock price analysis. We perform a high-fidelity data augmentation to ensure data reliability and to estimate vulnerability disclosure dates as a baseline for estimating the implication of software vulnerabilities. We further build a model for stock price prediction using the nonlinear autoregressive neural network with exogenous factors (NARX) Neural Network model to estimate the effect of vulnerability disclosure on the stock price. Compared to prior work, which relies on linear regression models, our approach is shown to provide better prediction performance. Our analysis also shows that the effect of vulnerabilities on vendors varies, and greatly depends on the specific software industry. Whereas some industries are shown statistically to be affected negatively by the release of software vulnerabilities, even when those vulnerabilities are not broadly covered by the media, some others were not affected at all.</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">vulnerability economics</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">stock return prediction</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">nvd</subfield></datafield><datafield tag="653" ind1=" " ind2="0"><subfield code="a">Technology</subfield></datafield><datafield tag="653" ind1=" " ind2="0"><subfield code="a">T</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">Aminollah Khormali</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">Jinchun Choi</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">Hisham Alasmary</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">Sung Choi</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">Saeed Salem</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">DaeHun Nyang</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">David Mohaisen</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="773" ind1="0" ind2="8"><subfield code="i">In</subfield><subfield code="t">EAI Endorsed Transactions on Security and Safety</subfield><subfield code="d">European Alliance for Innovation (EAI), 2016</subfield><subfield code="g">7(2020), 23</subfield><subfield code="w">(DE-627)1685371272</subfield><subfield code="x">20329393</subfield><subfield code="7">nnns</subfield></datafield><datafield tag="773" ind1="1" ind2="8"><subfield code="g">volume:7</subfield><subfield code="g">year:2020</subfield><subfield code="g">number:23</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">https://doi.org/10.4108/eai.13-7-2018.164551</subfield><subfield code="z">kostenfrei</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">https://doaj.org/article/6e39bbbab3e74274b65b5d6d1818f07e</subfield><subfield code="z">kostenfrei</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">https://eudl.eu/pdf/10.4108/eai.13-7-2018.164551</subfield><subfield code="z">kostenfrei</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="u">https://doaj.org/toc/2032-9393</subfield><subfield code="y">Journal toc</subfield><subfield code="z">kostenfrei</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_USEFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SYSFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_DOAJ</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_11</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_20</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_22</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_23</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_24</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_31</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_39</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_40</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_60</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_62</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_63</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_65</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_69</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_70</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_73</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_95</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_105</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_110</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_151</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_161</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_206</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_213</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_230</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_285</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_293</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_370</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_602</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2014</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4012</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4037</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4112</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4125</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4126</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4249</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4305</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4306</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4307</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4313</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4322</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4323</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4324</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4325</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4326</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4335</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4338</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4367</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4700</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">AR</subfield></datafield><datafield tag="952" ind1=" " ind2=" "><subfield code="d">7</subfield><subfield code="j">2020</subfield><subfield code="e">23</subfield></datafield></record></collection>
|
score |
7.3999033 |