Cybersecurity Information Sharing: Analysing an Email Corpus of Coordinated Vulnerability Disclosure

Kiran Sridhar, Allen Householder, Jonathan Spring, Daniel W. Woods

Research output: Contribution to conferencePaperpeer-review

Abstract / Description of output

Information sharing is widely held to improve cybersecurity outcomes whether its driven by market forces or by cooperation among firms and individuals. Formal institutions may be established to facilitate cooperative information sharing. This paper presents a case-study of such an institution, the CERT Coordination Center (CERT/CC), and provides quantitative insights based on the meta data of 434K emails passing through CERT/CC since 1993. Our longitudinal results show how the volume and proportion of emails about different products and vendors has varied over time. We also analyse the distributions of information sharing volume, participation, and duration across 46K vulnerabilities. Finally, we run regressions to understand how the volume of information sharing and decision to coordinate vary based on properties of the vulnerability and the affected vendors. We discuss what has changed, the appropriateness of a competitive or cooperative framing, and limitations.
Original languageEnglish
Number of pages39
Publication statusPublished - 28 Jun 2021
EventThe 20th Annual Workshop on the Economics of Information Security - Online
Duration: 28 Jun 202129 Jun 2021
Conference number: 20
https://weis2021.econinfosec.org/

Conference

ConferenceThe 20th Annual Workshop on the Economics of Information Security
Abbreviated titleWEIS 2021
Period28/06/2129/06/21
Internet address

Fingerprint

Dive into the research topics of 'Cybersecurity Information Sharing: Analysing an Email Corpus of Coordinated Vulnerability Disclosure'. Together they form a unique fingerprint.

Cite this