Vulnerability Disclosure and Software Provision
Authors
Abstract
Internet Security, Vulnerability Disclosure and Software Provision*
In this paper, we examine how software vulnerabilities affect firms that license software and consumers that purchase software. In particular, we model three decisions of the firm: (i) an upfront investment in the quality of the software to reduce potential vulnerabilities; (ii) a policy decision whether to announce vulnerabilities; and (iii) a price for the software. We also model two decisions of the consumer: (i) whether to purchase the software; and (ii) whether to apply a patch.
JEL Classification: L86 and O3
Similar resources
A Reputation-Based Mechanism for Software Vulnerability Disclosure
Whether and how to disclose software vulnerability information has been debated intensely. An optimal disclosure policy should balance the tradeoff between its impact on software vendors' incentives and the potential risks imposed on customers. Previous research on software vulnerability primarily focused on the timing aspect of the disclosure policy. In this paper, we investigate another dimen...
Internet Security, Vulnerability Disclosure, and Software Provision
In this paper, we examine how software vulnerabilities affect firms that sell software and consumers that purchase software. In particular, we model three decisions of the firm: (I) an upfront investment in the quality of the software to reduce potential vulnerabilities, (II) a policy decision whether to announce vulnerabilities, (III) and a price for the software. We also model two decisions o...
An Empirical Analysis of Software Vendors' Patching Behavior: Impact of Vulnerability Disclosure
One key aspect of better and more secure software is timely and reliable patching of vulnerabilities by software vendors. Recently, software vulnerability disclosure, which refers to the publication of vulnerability information before a patch to fix the vulnerability has been issued by the software vendor, has generated intense interest and debate. In particular, there have been arguments made ...
Impact of Vulnerability Disclosure and Patch Availability - An Empirical Analysis
Vulnerability disclosure is an area of public policy that has been subject to considerable debate, particularly between proponents of full and instant disclosure, and those of limited or no disclosure. This paper is an attempt to empirically test the impact of vulnerability information disclosure and availability of patches on attackers’ tendency to exploit vulnerabilities on one hand and on th...
An Empirical Analysis of Vendor Response to Disclosure Policy
Software vulnerability disclosure has generated intense interest and debate. In particular, there have been arguments made both in opposition to and in favor of alternatives such as full and instant disclosure and limited or no disclosure. An important consideration in this debate is the behavior of the software vendor. Does vulnerability disclosure policy have an effect on patch release behavi...
Journal title:
Volume, issue:
Pages: -
Publication date: 2005