The abundance of flawed software has been identified as the main cause of the poor security of
computer networks since major viruses and worms have been exploiting the vulnerabilities of such
software. As an incentive mechanism for software security quality improvement, software liability
has been intensely discussed among computer scientists, jurists, and policy makers for a long time.
In this paper, we examine how the liability mechanism affects a monopolistic software vendor’s
decision on security quality and market coverage. We then analyze the welfare implications of the
liability mechanism. We find that high marginal willingness to pay for the software leads to full
market coverage without liability. When liability is imposed, full market coverage obtains only if
the expected loss is bounded. We also find that security quality is underprovided without liability
while the socially optimal level is offered with liability. Interestingly, our results indicate that imposing
liability may discourage the monopolist from improving security while it leads to higher consumer
surplus. When the marginal willingness to pay is relatively low, the liability mechanism brings higher
social surplus. In the presence of information asymmetry between the vendor and the customers,
the liability mechanism yields higher security quality and higher consumer surplus.