Shostack + Friends Blog Archive

Emergent Breach Research

I talk about research and next steps, but what do I mean? We’re starting to see academics taking a serious look at the data sets we’ve accumulated here and at Attrition, and that’s awesome. I want to see more papers like:

• “Notification of Data Security Breaches,” by Paul M. Schwartz and Edward J. Janger, forthcoming in Michigan Law Review. [Update: fixed URL]
• “Beyond Media Hype: Empirical Analysis of Disclosed Privacy Breaches 2005-2006 and a DataSet/Database Foundation for Future Work,” Ragib Hasan and William Yurcik, forthcoming in the Workshop on Securing the Economic Infrastructure.
• And especially, “Is There a Cost to Privacy Breaches? An Event Study” by Alessandro Acquisiti, Allan Friedman and Rahul Telang, not just because their paper is great, but also because they cite us.

The unfettered ability to do research based on shared data is exceptionally powerful, and cool things will emerge.

All of these papers, by the way, are well worth reading.

Originally published by adam on 20 Sep 2006
Last modified on 20 Sep 2006
Categories:   breach analysis   Uncategorized