Should people who discover a software vulnerability make the information public?

Full disclosure leads to attacks, but attack activity ends sooner, write Sam Ransbotham and Sabyasachi Mitr

Preserving Location Privacy for Mobile Phones with Homomorphic Encryption: The False Position Protocol

Sharing sensitive information, such as location data, or health data, is a complex problem. While users may desire the benefits of application that use sensitive information, adoption may be limited by user reluctance to share sensitive data with untrusted third parties. We propose the False Position Protocol, a decentralized algorithm that allows users to reveal information such as location to trusted partners through a homomorphic encryption identification process. The algorithm offers reduced computational complexity while maintaining resilience despite potential malicious actors. Potential applications of the proposed two-party sharing protocol include connecting in social networks, exchanging health information, geotagging content, as well as proximity testing for media content delivery

Which Came First? Contribution Dynamics in Online Production Communities

While considerable research investigates collaboration in online production communities, particularly how and why people join these communities, little research considers the dynamics of the collaborative behavior. This paper explores one such dynamic, the relationship between viewing and contributing. Building on established theories of community involvement, this paper argues that a recursive relationship exists, resulting in a mutually reinforcing cycle where more contributors lead to more viewers and, in turn, more viewers lead to more contributors. We also analyze the effect of time and anonymity within this dynamic relationship. This paper offers guidance for research into online production communities that builds on the large behavioral data these communities generate

Knowledge Entrepreneurship: Institutionalising Wiki-based Knowledge-management Processes in Competitive and Hierarchical Organisations

Social media in general and wikis in particular offer unique opportunities for knowledge management. Despite widely publicised successes in public settings, wikis in businesses evince mixed results; enterprises struggle to apply wikis to institutionalise knowledge-management practices. We investigate the inherent tensions underlying knowledge-sharing in competitive and hierarchical organisations. Our application of the multi-level organisational learning framework demonstrates that, although wikis facilitate some important learning stages, other critical challenges remain. A unique blend of project leadership can facilitate the institutionalisation of wiki-based knowledge-management processes. To observe the leadership archetype, we use a longitudinal case study of wiki use within a division of NBC Universal. On the basis of our observations, we propose a new archetype of project leadership called Knowledge Entrepreneurship that integrates managerial skills, technology affordances, and critical factors in knowledge-management processes

Are Markets for Vulnerabilities Effective?

Security vulnerabilities are inextricably linked to information systems. Unable to eliminate these vulnerabilities, the security community is left to minimize their impact. Unfortunately, current reward structures may be skewed towards benefiting nefarious usage of vulnerability information rather than responsible disclosure. Recently suggested market-based mechanisms offer some hope by providing incentives to responsible security researchers. However, concerns exist that any benefits gained through increased incentives may be more than lost through information leakage. Using two years of security alert data, we examine the effectiveness of market-based mechanisms. While market-mechanisms do not reduce the likelihood that a vulnerability will be exploited, we find evidence that markets increase the time to vulnerability exploit and decrease the overall volume of alerts

DOES INFORMATION TECHNOLOGY INCREASE OR DECREASE HOSPITALS’ RISK? AN EMPIRICAL EXAMINATION OF COMPUTERIZED PHYSICIAN ORDER ENTRY AND MALPRACTICE CLAIMS

Information technology (IT) has significant potential to improve the quality of patient care, to lower costs, and to improve efficiency. However, IT leaves an electronic paper trail that may demonstrate negligence and thereby create legal risk. Emerging research suggests that this fear of electronic discovery is delaying IT adoption, thereby perpetuating inefficiencies. Is this fear founded? If it is, then policy changes are needed to remove this obstacle to streamlining the healthcare system. If not, then healthcare providers should move ahead to realize IT benefits without being stymied by irrational fears. We examined the relationship between Computerized Physician Order Entry (CPOE) and malpractice claims against hospitals in Florida between 1999 and 2006. CPOE reduces the number, severity, and disposition time of claims, while having no effect on the amounts paid. This indicates that CPOE reduces hospital legal risk, suggesting that fears of increased legal risk due to IT are unfounded