DP5269 Internet Security, Vulnerability Disclosure and Software Provision
| Author(s): | Jay-Pil Choi, Chaim Fershtman, Neil Gandal |
| Publication Date: | October 2005 |
| Keyword(s): | internet security, network effects, software, vulnerabilities |
| JEL(s): | L86, O3 |
| Programme Areas: | Industrial Organization |
| Link to this Page: | cepr.org/active/publications/discussion_papers/dp.php?dpno=5269 |
In this paper, we examine how software vulnerabilities affect firms that license software and consumers that purchase software. In particular, we model three decisions of the firm: (i) an upfront investment in the quality of the software to reduce potential vulnerabilities; (ii) a policy decision whether to announce vulnerabilities; and (iii) a price for the software. We also model two decisions of the consumer: (i) whether to purchase the software; and (ii) whether to apply a patch.