Security flaw disclosures harm share prices

Software vendor share prices fall when security flaws are announced, but Microsoft is less affected than other vendors, research has found

The share price of software companies drops when security flaws are found in their products, according to the latest study.

Researchers from Carnegie Mellon University in Pennsylvania found that a vendor's share price drops by an average of 0.63 percent on the day a vulnerability is announced. The results of the study, which tracked 146 vulnerability disclosures for 18 publicly traded software companies, were presented at last week's Workshop on the Economics of Information Security at Harvard University in Massachusetts.

The study found that Microsoft is less affected by this trend than other software vendors, with security vulnerabilities causing only a 0.28 percent reduction in its share price, compared with an average reduction of 0.91 percent for all other companies. Investors may treat Microsoft differently because its products are more widely used, which makes security vulnerabilities a less reliable indicator of software quality, the report suggested. Alternatively, investors may be less surprised by security holes in Microsoft products, given the way that malicious hackers have targeted its software in the past.

The research was conducted by Rahul Telang, assistant professor of information systems at Carnegie Mellon University, and Sunil Wattal, a research student at the same university.