Don’t let my Heart bleed!: An event study methodology in Heartbleed vulnerability case.
Independent thesis Advanced level (degree of Master (One Year)), 10 credits / 15 HE creditsStudent thesis
Due to the rapid evolution of technology, IT software has become incredibly complex. However the human factor still has a very important role on the application of it, since people are responsible to create software. Consequently, software vulnerabilities represent inevitable drawbacks, found to cost extremely large amounts of money to the companies. “Heartbleed” is a recently discovered vulnerability with no prior investigation that answers questions about the impact it has to the companies affected. This paper focuses on the impact of it on the market value of the companies who participated in the vulnerability disclosure process with the help of an event study methodology. Furthermore our analysis investigates if there is a different affection to the value of the company based on the roles those companies had in the process. Our results suggest that the market did not punish the companies about the existence of vulnerability. However the general negative reaction of the market to the incident reflects the importance of a strategic vulnerability disclosure plan for such cases.
Place, publisher, year, edition, pages
2014. , 33 p.
Informatik Student Paper Master (INFSPM), 2014.16
software vulnerability, IT risk management, disclosure policies, event study methodology
Information Systems, Social aspects
IdentifiersURN: urn:nbn:se:umu:diva-90126OAI: oai:DiVA.org:umu-90126DiVA: diva2:726055
Swedish Armed Forces
Master's Programme in IT Management
Wimelius, Henrik, Senior lecturer
Jonsson, Katrin, Senior lecturer