Which Came First? Contribution Dynamics in Online Production Communities

While considerable research investigates collaboration in online production communities, particularly how and why people join these communities, little research considers the dynamics of the collaborative behavior. This paper explores one such dynamic, the relationship between viewing and contributing. Building on established theories of community involvement, this paper argues that a recursive relationship exists, resulting in a mutually reinforcing cycle where more contributors lead to more viewers and, in turn, more viewers lead to more contributors. We also analyze the effect of time and anonymity within this dynamic relationship. This paper offers guidance for research into online production communities that builds on the large behavioral data these communities generate

Should people who discover a software vulnerability make the information public?

Full disclosure leads to attacks, but attack activity ends sooner, write Sam Ransbotham and Sabyasachi Mitr

Are Markets for Vulnerabilities Effective?

Security vulnerabilities are inextricably linked to information systems. Unable to eliminate these vulnerabilities, the security community is left to minimize their impact. Unfortunately, current reward structures may be skewed towards benefiting nefarious usage of vulnerability information rather than responsible disclosure. Recently suggested market-based mechanisms offer some hope by providing incentives to responsible security researchers. However, concerns exist that any benefits gained through increased incentives may be more than lost through information leakage. Using two years of security alert data, we examine the effectiveness of market-based mechanisms. While market-mechanisms do not reduce the likelihood that a vulnerability will be exploited, we find evidence that markets increase the time to vulnerability exploit and decrease the overall volume of alerts

DOES INFORMATION TECHNOLOGY INCREASE OR DECREASE HOSPITALS’ RISK? AN EMPIRICAL EXAMINATION OF COMPUTERIZED PHYSICIAN ORDER ENTRY AND MALPRACTICE CLAIMS

Information technology (IT) has significant potential to improve the quality of patient care, to lower costs, and to improve efficiency. However, IT leaves an electronic paper trail that may demonstrate negligence and thereby create legal risk. Emerging research suggests that this fear of electronic discovery is delaying IT adoption, thereby perpetuating inefficiencies. Is this fear founded? If it is, then policy changes are needed to remove this obstacle to streamlining the healthcare system. If not, then healthcare providers should move ahead to realize IT benefits without being stymied by irrational fears. We examined the relationship between Computerized Physician Order Entry (CPOE) and malpractice claims against hospitals in Florida between 1999 and 2006. CPOE reduces the number, severity, and disposition time of claims, while having no effect on the amounts paid. This indicates that CPOE reduces hospital legal risk, suggesting that fears of increased legal risk due to IT are unfounded

Target Age and the Valuation of Innovation Acquisitions in High Technology Industries

External acquisition of new technology is a growing trend in the innovation process in information technology industries. Despite its importance, there has been little empirical research on the timing of strategic decisions when opportunities arise. Should firms acquire early to avoid higher prices when the technology and its usage are more mature, or should they wait until a proven track record is established so that a better valuation of the opportunity can be obtained? Through a combination of real options, complementary assets, and dynamic capabilities perspectives, we derive our hypotheses on the impact of target age on the value created for the buyer. Applying an event study methodology to new technology acquisitions in the telecommunications industry from 1995 to 2001, we find evidence that supports acquiring early in the face of uncertainty. Furthermore, we find that the intellectual property (such as patents held by the target) moderates the impact of target age. Our data set is created by combining data from multiple sources including acquisition announcements, patent data from the U.S. Patents Office, Internet searches on small, privately held targets, and data from standard databases such as Compustat and the Center for Research in Security Prices (CRSP). In summary, the equity markets reward the acquisition of younger companies. While patent ownership by the target does not impact the value creation from younger acquisitions, the equity markets penalize the acquisition of older companies that do not own patents. This research contributes to our understanding of the valuation of technology acquisitions in industries characterized by emerging standards and high levels of uncertainty

The Effects of Information Disclosure Policy on the Diffusion of Security Attacks

With the nearly instantaneous spread of information in modern society, policies regarding the disclosure of sensitive information have become the focus of significant discussion. The fundamental debate centers on tradeoffs inherent in disclosing information that society needs, but that can also be used for nefarious purposes. Using information security as a research context, our empirical study compares attacks based on software vulnerabilities disclosed through full disclosure and limited disclosure mechanisms. We find that full disclosure accelerates the diffusion of attacks and increases the risk of first attack after the vulnerability is reported. Building off our theoretical insights, we discuss the implications of our findings on information disclosure in more general contexts

Social Media and Customer Dialog Management at Starbucks

While listening to and learning from customers has long been recognized as important, social media are fundamentally changing interaction between firms and customers. To help understand this changing interaction, we conceptualize customer dialog management in a Megaphone, Magnet, and Monitor (3-M) framework, with the Megaphone representing firm-to-customer communication, the Magnet customer-to-firm, communication and the Monitor customer-to-customer interaction. This framework provides a structure for understanding the opportunities and risks presented by social media. We describe an in-depth case study of Starbucks, a firm widely regarded as a leader in corporate use of social media. Using the 3-M framework, we identify the challenges social media introduce and offer case-based examples of how to manage these challenges. Based on our analysis, we provide guidelines that can assist firms in navigating the evolving environment of social-media-based customer dialog