Shostack + Friends Blog Archive

 

Emergent Breach Research

I talk about research and next steps, but what do I mean? We’re starting to see academics taking a serious look at the data sets we’ve accumulated here and at Attrition, and that’s awesome. I want to see more papers like:

  • Notification of Data Security Breaches,” by Paul M. Schwartz and Edward J. Janger, forthcoming in Michigan Law Review. [Update: fixed URL]
  • Beyond Media Hype: Empirical Analysis of Disclosed Privacy Breaches 2005-2006 and a DataSet/Database Foundation for Future Work,” [link to http://www.projects.ncassr.org/storage-sec/papers/wesii-3.pdf no longer works] Ragib Hasan and William Yurcik, forthcoming in the Workshop on Securing the Economic Infrastructure [link to http://wesii.econinfosec.org/workshop/ no longer works].
  • And especially, “Is There a Cost to Privacy Breaches? An Event Study” by Alessandro Acquisiti, Allan Friedman and Rahul Telang, not just because their paper is great, but also because they cite us.

The unfettered ability to do research based on shared data is exceptionally powerful, and cool things will emerge.

All of these papers, by the way, are well worth reading.

3 comments on "Emergent Breach Research"

Comments are closed.