Internet Security, Vulnerability Disclosure, and Software Provision
نویسندگان
چکیده
In this paper, we examine how software vulnerabilities affect firms that sell software and consumers that purchase software. In particular, we model three decisions of the firm: (I) an upfront investment in the quality of the software to reduce potential vulnerabilities, (II) a policy decision whether to announce vulnerabilities, (III) and a price for the software. We also model two decisions of the consumer: (I) whether to purchase the software and (II) whether to apply a patch. 1 Choi: MSU, Fershtman: Tel Aviv University and CEPR, Gandal: Tel Aviv University and CEPR. We thank several anonymous reviewers from WEIS 2005 for their helpful comments. A research grant from Microsoft is gratefully acknowledged. Any opinions expressed are those of the authors.
منابع مشابه
Vulnerability Disclosure and Software Provision
Internet Security, Vulnerability Disclosure and Software Provision* In this paper, we examine how software vulnerabilities affect firms that license software and consumers that purchase software. In particular, we model three decisions of the firm: (i) an upfront investment in the quality of the software to reduce potential vulnerabilities; (ii) a policy decision whether to announce vulnerabili...
متن کاملVulnerability Disclosure: The Strange Case of Bret McDanel
Responsible developers work hard to produce secure, reliable, and efficient software packages. No company wants its integrity compromised by hackers, employees, or legitimate users. Negative publicity damages a firm’s reputation. Legal proceedings can cost an organization millions and destroy any chance of long-term success. Realistically, few products are released without security flaws. Progr...
متن کاملA Quest for a Framework to Improve Software Security: Vulnerability Black Markets Scenario
The discovery and management of software vulnerabilities after a product is released to the public is an important element of improving software quality and stability. The discovery of vulnerabilities enables exploitation and stimulates the development of patches or other protections, which in turn may or may not be deployed by product users. Various approaches have been developed to facilitate...
متن کاملA Reputation-Based Mechanism for Software Vulnerability Disclosure
Whether and how to disclose software vulnerability information has been debated intensely. An optimal disclosure policy should balance the tradeoff between its impact on software vendors' incentives and the potential risks imposed on customers. Previous research on software vulnerability primarily focused on the timing aspect of the disclosure policy. In this paper, we investigate another dimen...
متن کاملThe Effects of Vulnerability Disclosure Policy on the Diffusion of Security Attacks
With the nearly instantaneous spread of information in modern society, policies regarding the disclosure of information about security vulnerabilities have become the focus of significant discussion. The fundamental debate centers on tradeoffs inherent in disclosing information that security professionals need, but that can also be used for nefarious purposes. Our empirical study compares attac...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2005