What it takes to get retweeted: An analysis of software vulnerability messages

Abstract A large body of research has examined the public disclosure of software vulnerability, but little attention has been paid to sharing software vulnerability information on social media. Sharing software vulnerability messages on Twitter indicates that particular messages are perceived by the public valuable enough to share with others. Building on hazard communication and terse messaging literature, this study analyzes the factors impacting the retweeting of software vulnerability related messages. Particularly, this study has two goals: 1) to identify the major content categories contained in software vulnerability related tweets and 2) to understand the impact of tweet content, tweet source, technical features of tweets, as well as software vulnerability features on retweeting the software vulnerability messages. Our analysis suggested five content categories are referred in the tweets: alerts, patch, advisory, exploit, and root-cause. Using a negative binomial regression, we found that several factors jointly influence the retweeting of software vulnerability messages. The findings could be useful for planning about effective message design for communicating the publicly disclosed software vulnerability information to end-users.

[1]  Tudor Dumitras,et al.  Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits , 2015, USENIX Security Symposium.

[2]  Slim Trabelsi,et al.  Monitoring software vulnerabilities through social networks analysis , 2015, 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE).

[3]  Carter T. Butts,et al.  What it Takes to Get Passed On: Message Content, Style, and Structure as Predictors of Retransmission in the Boston Marathon Bombing Response , 2015, PloS one.

[4]  Carter T. Butts,et al.  A cross-hazard analysis of terse message retransmission on Twitter , 2015, Proceedings of the National Academy of Sciences.

[5]  Ting Wang,et al.  Who will retweet me?: finding retweeters in twitter , 2013, SIGIR.

[6]  Sean Fitzhugh,et al.  Terse message amplification in the Boston bombing response , 2014, ISCRAM.

[7]  Rahul Telang,et al.  Does information security attack frequency increase with vulnerability disclosure? An empirical analysis , 2006, Inf. Syst. Frontiers.

[8]  J. Hilbe Negative Binomial Regression: Preface , 2007 .

[9]  Guy Paul Cooper,et al.  Twitter as a Potential Disaster Risk Reduction Tool. Part III: Evaluating Variables that Promoted Regional Twitter Use for At-risk Populations During the 2013 Hattiesburg F4 Tornado , 2015, PLoS currents.

[10]  Jeong Yeob Han,et al.  Predicting Retweeting Behavior on Breast Cancer Social Networks: Network and Content Characteristics , 2016, Journal of health communication.

[11]  Ramayya Krishnan,et al.  An Empirical Analysis of Software Vendors' Patch Release Behavior: Impact of Vulnerability Disclosure , 2010, Inf. Syst. Res..

[12]  Timothy L. Sellnow,et al.  Terse Messaging and Public Health in the Midst of Natural Disasters: The Case of the Boulder Floods , 2015, Health communication.

[13]  Stefan Stieglitz,et al.  Emotions and Information Diffusion in Social Media—Sentiment of Microblogs and Sharing Behavior , 2013, J. Manag. Inf. Syst..

[14]  Thomas E. Drabek,et al.  Understanding disaster warning responses. , 1999 .

[15]  Guy Paul Cooper,et al.  Twitter as a Potential Disaster Risk Reduction Tool. Part I: Introduction, Terminology, Research and Operational Applications , 2015, PLoS currents.

[16]  Bernard J. Jansen,et al.  Twitter power: Tweets as electronic word of mouth , 2009 .

[17]  Carter T. Butts,et al.  Warning tweets: serial transmission of messages during the warning phase of a disaster event , 2014 .

[18]  Sarah Moreland-Russell,et al.  Diabetes Topics Associated With Engagement on Twitter , 2015, Preventing chronic disease.

[19]  Timothy W. Finin,et al.  CyberTwitter: Using Twitter to generate alerts for cybersecurity threats and vulnerabilities , 2016, 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM).

[20]  Alfonso Crisci,et al.  Codified Hashtags for Weather Warning on Twitter: an Italian Case Study , 2016, PLoS currents.

[21]  Hao Xu,et al.  Optimal Policy for Software Vulnerability Disclosure , 2008, Manag. Sci..

[22]  Orcun Temizkan,et al.  Patch Release Behaviors of Software Vendors in Response to Vulnerabilities: An Empirical Analysis , 2012, J. Manag. Inf. Syst..

[23]  Gurpreet Dhillon,et al.  Dynamics of Data Breaches in Online Social Networks: Understanding Threats to Organizational Information Security Reputation , 2015, ICIS.

[24]  Jingguo Wang,et al.  Drivers of information security search behavior: An investigation of network attacks and vulnerability disclosures , 2010, TMIS.

[25]  Sam Ransbotham,et al.  Are Markets for Vulnerabilities Effective? , 2012, MIS Q..

[26]  Rahul Telang,et al.  Impact of Software Vulnerability Announcements on the Market Value of Software Vendors - an Empirical Investigation , 2005, WEIS.

[27]  Timothy L. Sellnow,et al.  The Instructional Dynamic of Risk and Crisis Communication: Distinguishing Instructional Messages from Dialogue , 2010 .

[28]  Peng Bao,et al.  Cumulative Effect in Information Diffusion: Empirical Study on a Microblogging Network , 2013, PloS one.

[29]  Sam Ransbotham,et al.  The Impact of Immediate Disclosure on Attack Diffusion and Volume , 2011, WEIS.

[30]  Natalie Lee-San Pang,et al.  WorldEnvironmentDay : A study of content features and visual rhetoric in an environmental movement , 2016 .

[31]  Lu Liu,et al.  Determinants of information retweeting in microblogging , 2012, Internet Res..

[32]  J. S. Stephenson,et al.  When Disaster Strikes1 , 1971 .

[33]  Anthony Patt,et al.  Disaster warning response: the effects of different types of personal experience , 2011, Natural Hazards.

[34]  Pu Li,et al.  An examination of private intermediaries’ roles in software vulnerabilities disclosure , 2007, Inf. Syst. Frontiers.

[35]  Katherine L. Milkman,et al.  What Makes Online Content Viral? , 2012 .

[36]  Jae Eun Chung,et al.  Retweeting in health promotion: Analysis of tweets about Breast Cancer Awareness Month , 2017, Comput. Hum. Behav..

[37]  John H. Sorensen,et al.  Hazard Warning Systems: Review of 20 Years of Progress , 2000 .

[38]  Ed H. Chi,et al.  Want to be Retweeted? Large Scale Analytics on Factors Impacting Retweet in Twitter Network , 2010, 2010 IEEE Second International Conference on Social Computing.

[39]  Christopher B. Mayhorn,et al.  Warning the world of extreme events: A global perspective on risk communication for natural and technological disaster , 2014 .

[40]  Z. Griliches,et al.  Econometric Models for Count Data with an Application to the Patents-R&D Relationship , 1984 .