{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T03:37:18Z","timestamp":1773805038384,"version":"3.50.1"},"reference-count":19,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2006,11,22]],"date-time":"2006-11-22T00:00:00Z","timestamp":1164153600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"published-print":{"date-parts":[[2007,1,8]]},"DOI":"10.1007\/s10796-006-9012-5","type":"journal-article","created":{"date-parts":[[2006,11,21]],"date-time":"2006-11-21T21:56:39Z","timestamp":1164146199000},"page":"350-362","source":"Crossref","is-referenced-by-count":72,"title":["Does information security attack frequency increase with vulnerability disclosure? An empirical analysis"],"prefix":"10.1007","volume":"8","author":[{"given":"Ashish","family":"Arora","sequence":"first","affiliation":[]},{"given":"Anand","family":"Nandkumar","sequence":"additional","affiliation":[]},{"given":"Rahul","family":"Telang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2006,11,22]]},"reference":[{"key":"9012_CR1","unstructured":"Arbaugh, W. A., Browne, H. K., McHugh, J., & Fithen, W. (2000a). A trend analysis of exploitations. University of Maryland working paper UMIACS-TR-2000-76."},{"key":"9012_CR2","first-page":"52","volume":"33","author":"W. A. Arbaugh","year":"2000","unstructured":"Arbaugh, W. A., Fithen, W. L., & McHugh, J. (2000b). Windows of vulnerability: A case study analysis. IEEE Computer, 33 (December), 52\u201359.","journal-title":"IEEE Computer"},{"key":"9012_CR3","unstructured":"Arora, A., Krishnan, R., Telang, R., & Yang, Y. (2005). An empirical analysis of vendor response to disclosure policy. The 4th annual workshop on economics of information security (WEIS05). Harvard University."},{"key":"9012_CR4","unstructured":"Arora, A., Telang, R., & Xu, H. (2004). Optimal policy for software vulnerability disclosure. The 3rd annual workshop on economics and information security (WEIS04). University of Minnesota."},{"key":"9012_CR5","unstructured":"Elias, L. (2001). Full disclosure is a necessary evil. SecurityFocus.com. http:\/\/www.securityfocus.com\/news\/238 ."},{"key":"9012_CR6","unstructured":"Farrow, R. (2000). The pros and cons of posting vulnerability. The network magazine. http:\/\/www.networkmagazine.com\/shared\/article ."},{"key":"9012_CR7","unstructured":"Gordon, S., & Ford, R. (1999). When worlds collide: Information sharing for the security and anti-virus communities. IBM research paper."},{"issue":"4","key":"9012_CR8","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1145\/581271.581274","volume":"5","author":"L. A. Gordon","year":"2002","unstructured":"Gordon, L. A., & Loeb, M. P. (November 2002). The economics of information security investment. ACM Transactions on Information and System Security, 5(4), 438\u2013457.","journal-title":"ACM Transactions on Information and System Security"},{"key":"9012_CR9","unstructured":"Howard, J. (1997). An analysis of security incidents on the internet 1989\u20131995. Dissertation, Carnegie Mellon University. http:\/\/www.cert.org\/research\/JHThesis\/Start.htm ."},{"issue":"5","key":"9012_CR10","doi-asserted-by":"crossref","first-page":"726","DOI":"10.1287\/mnsc.1040.0357","volume":"51","author":"K. Kannan","year":"2005","unstructured":"Kannan, K., & Telang, R. (2005). Market for vulnerabilities? Think again. Management Science, 51(5), 726\u2013740.","journal-title":"Management Science"},{"key":"9012_CR11","unstructured":"Krsul, I., Spafford, E., & Tripunitara, M. (1998). Computer vulnerability analysis. Technical report, Department of Computer Science, Purdue University, May 1998. http:\/\/www.citeseer.nj.nec.com\/krsul98computer.html ."},{"key":"9012_CR12","unstructured":"Leyden, J. (2002). Show us the bugs\u2014users want full disclosure. The register. http:\/\/www.theregister.co.uk\/2002\/07\/08\/show_us_the_bugs_users\/ ."},{"key":"9012_CR13","unstructured":"Rescorla, E. (2003). Security holes... Who cares? 12th Usenix security symposium, Washington, DC."},{"key":"9012_CR14","unstructured":"Rescorla, E. (2004). Is finding security holes a good idea? 3rd Annual workshop on economics of information security (WEIS04). University of Minnesota."},{"key":"9012_CR15","doi-asserted-by":"crossref","unstructured":"Schechter, S. E., & Smith, M. D. (2003). How much security is enough to stop a thief? The economics of outsider theft via computer systems and networks. The Seventh International Financial Cryptography Conference, Gosier, Guadeloupe College Park, MD. May, 2003.","DOI":"10.1007\/978-3-540-45126-6_9"},{"key":"9012_CR16","unstructured":"Schneier, B. (2000). Full disclosure and the window of exposure. In CRYPTO-GRAM."},{"key":"9012_CR17","unstructured":"Seltzer, L. (2004). How should researchers handle exploit code? eWeek. http:\/\/www.eweek.com\/article2\/0,1759,1580077,00.asp ."},{"key":"9012_CR18","unstructured":"Spitzner, L. (2001). Know your enemy: Revealing the security tools, tactics, and motives of the blackhat community. Addison-Wesley."},{"key":"9012_CR19","doi-asserted-by":"crossref","unstructured":"Telang, R., & Wattal, S. (2005). Impact of software vulnerability announcements on the market value of software vendors\u2014an empirical investigation. The 4th Annual Workshop on Economics of Information Security (WEIS05). Harvard University.","DOI":"10.2139\/ssrn.677427"}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-006-9012-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10796-006-9012-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-006-9012-5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,31]],"date-time":"2019-05-31T00:36:07Z","timestamp":1559262967000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10796-006-9012-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006,11,22]]},"references-count":19,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2007,1,8]]}},"alternative-id":["9012"],"URL":"https:\/\/doi.org\/10.1007\/s10796-006-9012-5","relation":{},"ISSN":["1387-3326","1572-9419"],"issn-type":[{"value":"1387-3326","type":"print"},{"value":"1572-9419","type":"electronic"}],"subject":[],"published":{"date-parts":[[2006,11,22]]}}}