Should people who discover a software vulnerability make the information public?

Full disclosure leads to attacks, but attack activity ends sooner, write Sam Ransbotham and Sabyasachi Mitr

How can SMEs benefit from big data? Challenges and a path forward

Big data is big news, and large companies in all sectors are making significant advances in their customer relations, product selection and development and consequent profitability through using this valuable commodity. Small and medium enterprises (SMEs) have proved themselves to be slow adopters of the new technology of big data analytics and are in danger of being left behind. In Europe, SMEs are a vital part of the economy, and the challenges they encounter need to be addressed as a matter of urgency. This paper identifies barriers to SME uptake of big data analytics and recognises their complex challenge to all stakeholders, including national and international policy makers, IT, business management and data science communities. The paper proposes a big data maturity model for SMEs as a first step towards an SME roadmap to data analytics. It considers the ‘state-of-the-art’ of IT with respect to usability and usefulness for SMEs and discusses how SMEs can overcome the barriers preventing them from adopting existing solutions. The paper then considers management perspectives and the role of maturity models in enhancing and structuring the adoption of data analytics in an organisation. The history of total quality management is reviewed to inform the core aspects of implanting a new paradigm. The paper concludes with recommendations to help SMEs develop their big data capability and enable them to continue as the engines of European industrial and business success. Copyright © 2016 John Wiley & Sons, Ltd.Peer ReviewedPostprint (author's final draft

Preserving Location Privacy for Mobile Phones with Homomorphic Encryption: The False Position Protocol

Sharing sensitive information, such as location data, or health data, is a complex problem. While users may desire the benefits of application that use sensitive information, adoption may be limited by user reluctance to share sensitive data with untrusted third parties. We propose the False Position Protocol, a decentralized algorithm that allows users to reveal information such as location to trusted partners through a homomorphic encryption identification process. The algorithm offers reduced computational complexity while maintaining resilience despite potential malicious actors. Potential applications of the proposed two-party sharing protocol include connecting in social networks, exchanging health information, geotagging content, as well as proximity testing for media content delivery

Which Came First? Contribution Dynamics in Online Production Communities

While considerable research investigates collaboration in online production communities, particularly how and why people join these communities, little research considers the dynamics of the collaborative behavior. This paper explores one such dynamic, the relationship between viewing and contributing. Building on established theories of community involvement, this paper argues that a recursive relationship exists, resulting in a mutually reinforcing cycle where more contributors lead to more viewers and, in turn, more viewers lead to more contributors. We also analyze the effect of time and anonymity within this dynamic relationship. This paper offers guidance for research into online production communities that builds on the large behavioral data these communities generate

Knowledge Entrepreneurship: Institutionalising Wiki-based Knowledge-management Processes in Competitive and Hierarchical Organisations

Social media in general and wikis in particular offer unique opportunities for knowledge management. Despite widely publicised successes in public settings, wikis in businesses evince mixed results; enterprises struggle to apply wikis to institutionalise knowledge-management practices. We investigate the inherent tensions underlying knowledge-sharing in competitive and hierarchical organisations. Our application of the multi-level organisational learning framework demonstrates that, although wikis facilitate some important learning stages, other critical challenges remain. A unique blend of project leadership can facilitate the institutionalisation of wiki-based knowledge-management processes. To observe the leadership archetype, we use a longitudinal case study of wiki use within a division of NBC Universal. On the basis of our observations, we propose a new archetype of project leadership called Knowledge Entrepreneurship that integrates managerial skills, technology affordances, and critical factors in knowledge-management processes

Are Markets for Vulnerabilities Effective?

Security vulnerabilities are inextricably linked to information systems. Unable to eliminate these vulnerabilities, the security community is left to minimize their impact. Unfortunately, current reward structures may be skewed towards benefiting nefarious usage of vulnerability information rather than responsible disclosure. Recently suggested market-based mechanisms offer some hope by providing incentives to responsible security researchers. However, concerns exist that any benefits gained through increased incentives may be more than lost through information leakage. Using two years of security alert data, we examine the effectiveness of market-based mechanisms. While market-mechanisms do not reduce the likelihood that a vulnerability will be exploited, we find evidence that markets increase the time to vulnerability exploit and decrease the overall volume of alerts