{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,6]],"date-time":"2026-01-06T15:32:53Z","timestamp":1767713573245},"reference-count":51,"publisher":"Informa UK Limited","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Journal of Management Information Systems"],"published-print":{"date-parts":[[2012,4]]},"DOI":"10.2753\/mis0742-1222280411","type":"journal-article","created":{"date-parts":[[2012,5,5]],"date-time":"2012-05-05T18:28:02Z","timestamp":1336242482000},"page":"305-338","source":"Crossref","is-referenced-by-count":34,"title":["Patch Release Behaviors of Software Vendors in Response to Vulnerabilities: An Empirical Analysis"],"prefix":"10.1080","volume":"28","author":[{"given":"Orcun","family":"Temizkan","sequence":"first","affiliation":[{"name":"a Belk College of Business Administration, University of North Carolina-Charlotte"}]},{"given":"Ram L.","family":"Kumar","sequence":"additional","affiliation":[{"name":"a Belk College of Business Administration, University of North Carolina-Charlotte"}]},{"given":"SungJune","family":"Park","sequence":"additional","affiliation":[{"name":"a Belk College of Business Administration, University of North Carolina-Charlotte"}]},{"given":"Chandrasekar","family":"Subramaniam","sequence":"additional","affiliation":[{"name":"a Belk College of Business Administration, University of North Carolina-Charlotte"}]}],"member":"301","published-online":{"date-parts":[[2014,12,8]]},"reference":[{"key":"1","volume-title":"Survival Analysis Using the SAS System: A Practical Guide","author":"P. Allison","year":"1995"},{"issue":"2","key":"2","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1080\/19393550801953372","article-title":"Information security implications of Sarbanes-Oxley","volume":"17","author":"S. Anand","year":"2008","journal-title":"Information Security Journal: A Global Perspective"},{"issue":"12","key":"3","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1109\/2.889093","article-title":"Windows of vulnerability: A case study analysis","volume":"33","author":"W. Arbaugh","year":"2000","journal-title":"Computer"},{"issue":"3","key":"4","doi-asserted-by":"crossref","first-page":"465","DOI":"10.1287\/mnsc.1050.0440","article-title":"Sell first, fix later: Impact of patching on software quality","volume":"52","author":"A. Arora","year":"2006","journal-title":"Management Science"},{"issue":"5","key":"5","doi-asserted-by":"crossref","first-page":"350","DOI":"10.1007\/s10796-006-9012-5","article-title":"Does information security attack frequency increase with vulnerability disclosure? An empirical analysis","volume":"8","author":"A. Arora","year":"2006","journal-title":"Information Systems Frontiers"},{"issue":"4","key":"6","doi-asserted-by":"crossref","first-page":"642","DOI":"10.1287\/mnsc.1070.0771","article-title":"Optimal policy for software vulnerability disclosure","volume":"54","author":"A. Arora","year":"2008","journal-title":"Management Science"},{"issue":"2","key":"7","doi-asserted-by":"crossref","first-page":"164","DOI":"10.1016\/j.infoecopol.2009.10.002","article-title":"Competition and patching of security vulnerabilities: An empirical analysis","volume":"22","author":"A. Arora","year":"2010","journal-title":"Information Economics and Policy"},{"issue":"1","key":"8","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1287\/isre.1080.0226","article-title":"An empirical analysis of software vendors' patch release behavior: Impact of vulnerability disclosure","volume":"21","author":"A. Arora","year":"2010","journal-title":"Information Systems Research"},{"issue":"1","key":"9","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1109\/TDSC.2004.2","article-title":"Basic concepts and taxonomy of dependable and secure computing","volume":"1","author":"A. Avizienis","year":"2004","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"issue":"3","key":"10","doi-asserted-by":"crossref","first-page":"219","DOI":"10.1287\/isre.11.3.219.12209","article-title":"The moderating effects of structure on volatility and complexity in software enhancement","volume":"11","author":"R. Banker","year":"2000","journal-title":"Information Systems Research"},{"issue":"4","key":"11","doi-asserted-by":"crossref","first-page":"352","DOI":"10.1287\/isre.1060.0104","article-title":"Understanding the impact of collaboration software on product design and development","volume":"17","author":"R. Banker","year":"2006","journal-title":"Information Systems Research"},{"issue":"4","key":"12","doi-asserted-by":"crossref","first-page":"433","DOI":"10.1287\/mnsc.44.4.433","article-title":"Software development practices, software complexity, and software maintenance performance: A field study","volume":"44","author":"R. Banker","year":"1998","journal-title":"Management Science"},{"issue":"1","key":"13","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1162\/105864001300122548","article-title":"Private politics, corporate social responsibility, and integrated strategy","volume":"10","author":"D. Baron","year":"2001","journal-title":"Journal of Economics & Management Strategy"},{"key":"14","first-page":"233","article-title":"Timing the application of security patches for optimal uptime","author":"S. Beattie","year":"2002"},{"key":"15","volume-title":"Security in Computing Systems: Challenges, Approaches and Solutions","author":"J. Biskup","year":"2009"},{"key":"16","volume-title":"Financial Management: Theory and Practice","author":"E. Brigham","year":"2008"},{"key":"17","doi-asserted-by":"crossref","first-page":"497","DOI":"10.5465\/amr.1979.4498296","article-title":"A three-dimensional conceptual model of corporate social performance","volume":"4","author":"A. Carroll","year":"1979","journal-title":"Academy of Management Review"},{"issue":"3","key":"18","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1109\/TSE.2007.26","article-title":"Efficiency of vulnerability disclosure mechanisms to disseminate vulnerability knowledge","volume":"33","author":"H. Cavusoglu","year":"2007","journal-title":"IEEE Transactions on Software Engineering"},{"issue":"6","key":"19","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1109\/MSP.2006.145","article-title":"Common vulnerability scoring system","volume":"4","author":"R. Chandramouli","year":"2006","journal-title":"IEEE Security & Privacy"},{"issue":"2","key":"20","doi-asserted-by":"crossref","first-page":"187","DOI":"10.1111\/j.2517-6161.1972.tb00899.x","article-title":"Regression models and life tables","volume":"34","author":"D. Cox","year":"1972","journal-title":"Journal of the Royal Statistical Society, Series B (Methodological)"},{"issue":"1","key":"21","doi-asserted-by":"crossref","first-page":"135","DOI":"10.2753\/MIS0742-1222240104","article-title":"Team knowledge and coordination in geographically distributed software development","volume":"24","author":"J. Espinosa","year":"2007","journal-title":"Journal of Management Information Systems"},{"issue":"12","key":"22","doi-asserted-by":"crossref","first-page":"1554","DOI":"10.1287\/mnsc.46.12.1554.12072","article-title":"Coordinating expertise in software development teams","volume":"46","author":"S. Faraj","year":"2000","journal-title":"Management Science"},{"key":"23","volume-title":"Understanding Open Source Software Development","author":"J. Feller","year":"2002"},{"key":"24","doi-asserted-by":"crossref","DOI":"10.4135\/9781412985604","volume-title":"Regression Diagnostics","author":"J. Fox","year":"1991"},{"key":"25","first-page":"535","article-title":"Improving CVSS-based vulnerability prioritization and response with context information","author":"C. Fr\u00fchwirth","year":"2009"},{"key":"26","volume-title":"2006 CSI\/FBI Computer Crime and Security Survey","author":"L. Gordon","year":"2006"},{"key":"27","volume-title":"Applied Survival Analysis: Regression Modeling of Time to Event Data","author":"D. Hosmer","year":"1999"},{"key":"28","article-title":"Estimating impact and frequency of risks to safety and mission critical systems using CVSS","author":"S. Houmb","year":"2008"},{"key":"29","unstructured":"<i>IEEE Standard for Software Maintenance.<\/i> New York: Institute of Electrical and Electronics Engineers, 1993."},{"issue":"3","key":"30","doi-asserted-by":"crossref","first-page":"241","DOI":"10.2753\/MIS0742-1222250307","article-title":"The impact of open source software on the strategic choices of firms developing proprietary software","volume":"25","author":"J. Jaisingh","year":"2008-9","journal-title":"Journal of Management Information Systems"},{"issue":"2","key":"31","doi-asserted-by":"crossref","first-page":"97","DOI":"10.2753\/MIS0742-1222250205","article-title":"Information risk of inadvertent disclosure: An analysis of file-sharing risk in the financial supply chain","volume":"25","author":"M. Johnson","year":"2008","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"32","doi-asserted-by":"crossref","first-page":"69","DOI":"10.2753\/JEC1086-4415120103","article-title":"Market reactions to information security breach announcements: An empirical analysis","volume":"12","author":"K. Kannan","year":"2007","journal-title":"International Journal of Electronic Commerce"},{"issue":"1","key":"33","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/BF02249043","article-title":"Software complexity and software maintenance: A survey of empirical research","volume":"1","author":"C. Kemerer","year":"1995","journal-title":"Annals of Software Engineering"},{"issue":"1","key":"34","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1109\/24.855532","article-title":"Classification-tree models of software-quality over multiple releases","volume":"49","author":"T. Khoshgoftaar","year":"2000","journal-title":"IEEE Transactions on Reliability"},{"issue":"408","key":"35","doi-asserted-by":"crossref","first-page":"1074","DOI":"10.1080\/01621459.1989.10478874","article-title":"The robust inference for the Cox proportional hazards model","volume":"84","author":"D. Lin","year":"1989","journal-title":"Journal of the American Statistical Association"},{"key":"36","unstructured":"Liu, X., and Iyer, B. Design architecture, developer networks, and performance of open source software projects. In <i>Proceedings of the 2007 International Conference on Information Systems.<\/i> Atlanta: Association for Information Systems, 2007 (available at <a target=\"_blank\" href='http:\/\/aisel.aisnet.org\/icis2007\/90\/'>http:\/\/aisel.aisnet.org\/icis2007\/90\/<\/a>"},{"issue":"3","key":"37","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1049\/iet-ifs:20060055","article-title":"Improving the common vulnerability scoring system","volume":"1","author":"P. Mell","year":"2007","journal-title":"IET Information Security"},{"key":"38","unstructured":"Mell, P.; Scarfone, K.; and Romanosky, S. A complete guide to the Common Vulnerability Scoring System version 2.0. Forum of Incident Response and Security Teams (FIRST), June 2007 (available at <a target=\"_blank\" href='http:\/\/www.first.org\/cvss\/cvss-guide.pdf'>www.first.org\/cvss\/cvss-guide.pdf<\/a>"},{"key":"39","volume-title":"Management Information Systems","author":"J. O'Brien","year":"2008"},{"issue":"12","key":"40","doi-asserted-by":"crossref","first-page":"1503","DOI":"10.1016\/0895-4356(95)00048-8","article-title":"Importance of events per independent variable in proportional hazards regression analysis II: Accuracy and precision of regression estimates","volume":"48","author":"P. Peduzzi","year":"1995","journal-title":"Journal of Clinical Epidemiology"},{"key":"41","volume-title":"Security in Computing","author":"C. Pfleeger","year":"2003"},{"issue":"2","key":"42","doi-asserted-by":"crossref","first-page":"125","DOI":"10.2753\/MIS0742-1222250206","article-title":"The deterrent and displacement effects of information security enforcement: International evidence","volume":"25","author":"I. Png","year":"2008","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"43","doi-asserted-by":"crossref","first-page":"196","DOI":"10.1016\/S0377-2217(03)00069-9","article-title":"Customer attrition analysis for financial services using proportional hazard models","volume":"157","author":"D. Poel","year":"2004","journal-title":"European Journal of Operational Research"},{"issue":"1","key":"44","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1287\/isre.1080.0174","article-title":"Choice and chance: A conceptual model of paths to information security compromise","volume":"20","author":"S. Ransbotham","year":"2009","journal-title":"Information Systems Research"},{"key":"45","doi-asserted-by":"crossref","DOI":"10.1007\/s12130-999-1026-0","volume-title":"The Cathedral and the Bazaar: Musings on Linux and Open Source by an Accidental Revolutionary","author":"E. Raymond","year":"1999"},{"issue":"3","key":"46","doi-asserted-by":"crossref","first-page":"223","DOI":"10.1080\/07421222.2004.11045814","article-title":"The effects of information technology project complexity on group interaction","volume":"21","author":"T. Roberts","year":"2004-5","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"47","doi-asserted-by":"crossref","first-page":"233","DOI":"10.2753\/MIS0742-1222240107","article-title":"A strategic analysis of competition between open source and proprietary software","volume":"24","author":"R. Sen","year":"2007","journal-title":"Journal of Management Information Systems"},{"issue":"8","key":"48","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1145\/280324.280335","article-title":"Evaluating the cost of software quality","volume":"41","author":"S. Slaughter","year":"1998","journal-title":"Communications of the ACM"},{"issue":"6","key":"49","doi-asserted-by":"crossref","first-page":"82","DOI":"10.1145\/1349026.1349043","article-title":"Information accountability","volume":"51","author":"D. Weitzner","year":"2008","journal-title":"Communications of the ACM"},{"issue":"4","key":"50","doi-asserted-by":"crossref","first-page":"691","DOI":"10.5465\/amr.1991.4279616","article-title":"Corporate social performance revisited","volume":"16","author":"D. Wood","year":"1991","journal-title":"Academy of Management Review"},{"issue":"1","key":"51","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1080\/07421222.2003.11045831","article-title":"Complexity of information systems development projects: Conceptualization and measurement development","volume":"22","author":"W. Xia","year":"2005","journal-title":"Journal of Management Information Systems"}],"container-title":["Journal of Management Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.tandfonline.com\/doi\/pdf\/10.2753\/MIS0742-1222280411","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,28]],"date-time":"2019-06-28T08:47:30Z","timestamp":1561711650000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.tandfonline.com\/doi\/full\/10.2753\/MIS0742-1222280411"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,4]]},"references-count":51,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2014,12,8]]},"published-print":{"date-parts":[[2012,4]]}},"alternative-id":["10.2753\/MIS0742-1222280411"],"URL":"https:\/\/doi.org\/10.2753\/mis0742-1222280411","relation":{},"ISSN":["0742-1222","1557-928X"],"issn-type":[{"value":"0742-1222","type":"print"},{"value":"1557-928X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,4]]}}}