Security flaws sink software vendors' stock

The share price of software companies drops noticeably when security flaws are found in their products, according a recent study.

Researchers from Carnegie Mellon University in Pennsylvania found that a vendor's share price falls by an average of 0.63 per cent on the day a vulnerability is announced.

The results of the study, which tracked 146 vulnerability disclosures for 18 publicly traded software companies, were presented at last week's Workshop on the Economics of Information Security at Harvard University in Cambridge, Massachusetts.

Microsoft is less affected by this trend than other software vendors, though. Security vulnerabilities cause Redmond only a 0.28 per cent reduction in share price, compared with an average drop of 0.91 per cent for all other companies.

The report suggests investors may treat Microsoft differently because its products are widely used and therefore security vulnerabilities are a less reliable indicator of software quality than with other products. Alternatively, investors may be less surprised by security holes in Microsoft products, given their frequency and the way malicious hackers have historically targeted the company's software.

The research was conducted by Rahul Telang, assistant professor of information systems at Carnegie Mellon University, and Sunil Wattal, a research student at the same university.

Ingrid Marson writes for ZDNet UK