Sam Ransbotham

MEMBERSHIP TURNOVER AND COLLABORATION SUCCESS IN ONLINE COMMUNITIES: EXPLAINING RISES AND FALLS FROM GRACE IN WIKIPEDIA 1

Firms increasingly turn to online communities to create valuable information. These communities are empowered by new information technology-enabled collaborative tools, tools such as blogs, wikis, and social networks. Collaboration on these platforms is characterized by considerable membership turnover, which could have significant effects on collaborative outcomes. We hypothesize that membership retention relates in a curvilinear fashion to effective collaboration: positively up to a threshold and negatively thereafter. The longitudinal history of 2,065 featured articles on Wikipedia offers support for this hypotheses: Contributions from a mixture of new and experienced participants both increases the likelihood that an article will be promoted to featured article status and decreases the risk it will be demoted after having been promoted. These findings imply that, contrary to many of the assumptions in previous research, participant retention does not have a strictly positive effect on emerging collaborative environments. Further analysis of our data provides empirical evidence that knowledge creation and knowledge retention are actually distinct phases of communitybased peer production, and that communities may on average experience more turnover than ideal during the knowledge retention phase.

Choice and Chance: A Conceptual Model of Paths to Information Security Compromise

No longer the exclusive domain of technology experts, information security is now a management issue. Through a grounded approach using interviews, observations, and secondary data, we advance a model of the information security compromise process from the perspective of the attacked organization. We distinguish between deliberate and opportunistic paths of compromise through the Internet, labeled choice and chance, and include the role of countermeasures, the Internet presence of the firm, and the attractiveness of the firm for information security compromise. Further, using one year of alert data from intrusion detection devices, we find empirical support for the key contributions of the model. We discuss the implications of the model for the emerging research stream on information security in the information systems literature.

Network Characteristics and the Value of Collaborative User-Generated Content

User-generated content is increasingly created through the collaborative efforts of multiple individuals. In this paper, we argue that the value of collaborative user-generated content is a function both of the direct efforts of its contributors and of its embeddedness in the content--contributor network that creates it. An analysis of Wikipedias WikiProject Medicine reveals a curvilinear relationship between the number of distinct contributors to user-generated content and viewership. A two-mode social network analysis demonstrates that the embeddedness of the content in the content--contributor network is positively related to viewership. Specifically, locally central content---characterized by greater intensity of work by contributors to multiple content sources---is associated with increased viewership. Globally central content---characterized by shorter paths to the other collaborative content in the overall network---also generates greater viewership. However, within these overall effects, there is considerable heterogeneity in how network characteristics relate to viewership. In addition, network effects are stronger for newer collaborative user-generated content. These findings have implications for fostering collaborative user-generated content.

Are markets for vulnerabilities effective

Current reward structures in security vulnerability disclosure may be skewed toward benefitting nefarious usage of vulnerability information rather than responsible disclosure. Recently suggested market-based mechanisms offer incentives to responsible security researchers for discovering and reporting vulnerabilities. However, concerns exist that any benefits gained through increased incentives for responsible discovery may be lost through information leakage. Using perspectives drawn from the diffusion of innovations literature, we examine the effectiveness of market-based vulnerability disclosure mechanisms. Empirical examination of two years of security alert data finds that market-based disclosure restricts the diffusion of vulnerability exploitations, reduces the risk of exploitation, and decreases the volume of exploitation attempts.

Target Age and the Acquisition of Innovation in High-Technology Industries

External acquisition of new technology is a growing trend in the innovation and product development process, particularly in high-technology industries, as firms complement internal research and development efforts with aggressive acquisition programs. Yet, despite its importance, there has been little empirical research on the timing of acquisition decisions in high-technology environments. Should organizations wait until more information is available about the target and its markets so that a better valuation can be obtained? Or should the target be acquired early to lower acquisition cost and gain early access to key technologies? Applying an event study methodology to technology acquisitions in the telecommunications industry from 1995 to 2001, we find evidence that supports acquiring early in the face of uncertainty. Our analytical model and empirical analysis uncover two characteristics of young targets that drive benefits from early acquisitions---flexible growth options that provide greater opportunities for synergistic fit, and greater valuation uncertainty that leads to lower prices. However, the negative effect of target age on acquirer value is partially mitigated if the target has recent patents or is privately held. In addition, the probability of acquisition is higher for targets that have signals of higher quality, and lower for targets that have superior access to capital and resources.

Information Disclosure and the Diffusion of Information Security Attacks

With the nearly instantaneous dissemination of information in the modern era, policies regarding the disclosure of sensitive information have become the focus of significant discussion in several contexts. The fundamental debate centers on trade-offs inherent in disclosing information that society needs, but that can also be used for nefarious purposes. Using information security as a research context, our empirical study examines the adoption of software vulnerabilities by a population of attackers. We compare attacks based on software vulnerabilities disclosed through full-disclosure and limited-disclosure mechanisms. We find that full disclosure accelerates the diffusion of attacks, increases the penetration of attacks within the target population, and increases the risk of first attack after the vulnerability is reported. Interestingly, the effect of full disclosure is greater during periods when there are more overall vulnerabilities reported, indicating that attackers may strategically focus on busy periods when the effort of security professionals is spread across many vulnerabilities. Although the aggregate volume of attacks remains unaffected by full disclosure, attacks occur earlier in the life cycle of the vulnerability. Building off our theoretical insights, we discuss the implications of our findings in more general contexts.

Research Note—Content and Collaboration: An Affiliation Network Approach to Information Quality in Online Peer Production Communities

The 15-year history of collaboration on Wikipedia offers insight into how peer production communities create knowledge. In this research, we combine disparate content and collaboration approaches through a social network analysis approach known as an affiliation network. It captures both how knowledge is transferred in a peer production network and also the underlying skills possessed by its contributors in a single methodological approach. We test this approach on the Wikipedia articles dedicated to medical information developed in a subcommunity known as a WikiProject. Overall, we find that the position of an article in the affiliation network is associated with the quality of the article. We further investigate information quality through additional qualitative and quantitative approaches including expert coders using medical students, crowdsourcing using Amazon Mechanical Turk, and visualization using network graphs. A review by fourth-year medical students indicates that the Wikipedia quality rating is a reliable measure of information quality. Amazon Mechanical Turk ratings, however, are a less reliable measure of information quality, reflecting observable content characteristics such as article length and the number of references.

The Impact of Immediate Disclosure on Attack Diffusion and Volume

A significant debate in the security industry revolves around the vulnerability disclosure policy. We investigate the effects of immediate disclosure through an empirical study that analyzes security alerts for 960 clients of an US based security service provider. We find that immediate disclosure of vulnerabilities reduces delay in the attack diffusion process and slightly increases penetration of attacks in the population of target systems but slightly decreases the overall the volume of attacks.

Special section introduction: Ubiquitous IT and digital vulnerabilities

While information technology benefits society in numerous ways, it unfortunately also has potential to create new vulnerabilities. This special issue intends to stimulate thought and research into understanding and mitigating these vulnerabilities. We identify four mechanisms by which ubiquitous computing makes various entities (people, devices, organizations, societies, etc.) more vulnerable, including: increased visibility, enhanced cloaking, increased interconnectedness, and decreased costs. We use the papers in the special issue to explain these mechanisms, and then outline a research agenda for future work on digital vulnerabilities spanning four areas that are, or could become, significant societal problems with implications at multiple levels of analysis: Online harassment and incivility, technology-driven economic inequality, industrial Internet of Things, and algorithmic ethics and bias.

Knowledge entrepreneurship: institutionalising wiki-based knowledge-management processes in competitive and hierarchical organisations

Social media in general and wikis in particular offer unique opportunities for knowledge management. Despite widely publicised successes in public settings, wikis in businesses evince mixed results; enterprises struggle to apply wikis to institutionalise knowledge-management practices. We investigate the inherent tensions underlying knowledge-sharing in competitive and hierarchical organisations. Our application of the multi-level organisational learning framework demonstrates that, although wikis facilitate some important learning stages, other critical challenges remain. A unique blend of project leadership can facilitate the institutionalisation of wiki-based knowledge-management processes. To observe the leadership archetype, we use a longitudinal case study of wiki use within a division of NBC Universal. On the basis of our observations, we propose a new archetype of project leadership called Knowledge Entrepreneurship that integrates managerial skills, technology affordances, and critical factors in knowledge-management processes.