Impact of Software Vulnerability Announcements on the Market Value of Software Vendors – an Empirical Investigation
Sunil Wattal with Rahul Telang (Carnegie Mellon University)
Abstract
Security defects in software cost millions of dollars to firms in terms of downtime,
disruptions, and confidentiality breaches. However, the economic implications of these defects for software
vendors are not well understood. Lack of legal liability and the presence of switching costs and network
externalities may protect software vendors from incurring significant costs in the event of a vulnerability
announcement, unlike such industries as auto and pharmaceuticals, which have been known to suffer significant
loss in market value in the event of a defect announcement. Although research in software economics has studied
firms’ incentives to improve overall quality, there have not been any studies which show that software vendors
have an incentive to invest in building more secure software.
The objectives of this paper are two-fold. One, we examine how a software vendor’s market value
changes when a vulnerability is announced. Two, we examine how firm and vulnerability characteristics mediate the change
in the market value of a vendor. We collect data from leading national newspapers and industry sources such as CERT
(Computer Emergency Response Team) by searching for reports on published software vulnerabilities. We show that
vulnerability announcements lead to a negative and significant change in a software vendor’s market value. In our
sample, on average, a vendor loses around 0.6 percent value in stock price when a vulnerability is reported. We find
that a software vendor loses more market share if the market is competitive or if the vendor is small. To provide
further insight we use the information content of the disclosure announcement to classify vulnerabilities into various
types. We find that the change in stock price is more negative if the vendor fails to provide a patch at the time of
disclosure. Also, more severe flaws have a significantly greater impact. Our analysis provides many interesting
implications for software vendors as well as policy makers. In particular, our study provides some evidence of the value
of secure software.
Published August 2007 in: