Discussion paper

DP5269 Internet Security, Vulnerability Disclosure and Software Provision

In this paper, we examine how software vulnerabilities affect firms that license software and consumers that purchase software. In particular, we model three decisions of the firm: (i) an upfront investment in the quality of the software to reduce potential vulnerabilities; (ii) a policy decision whether to announce vulnerabilities; and (iii) a price for the software. We also model two decisions of the consumer: (i) whether to purchase the software; and (ii) whether to apply a patch.

£6.00
Citation

Fershtman, C, N Gandal and J Choi (2005), ‘DP5269 Internet Security, Vulnerability Disclosure and Software Provision‘, CEPR Discussion Paper No. 5269. CEPR Press, Paris & London. https://cepr.org/publications/dp5269