DP5269 Internet Security, Vulnerability Disclosure and Software Provision
|Author(s):||Jay-Pil Choi, Chaim Fershtman, Neil Gandal|
|Publication Date:||October 2005|
|Keyword(s):||internet security, network effects, software, vulnerabilities|
|Programme Areas:||Industrial Organization|
|Link to this Page:||cepr.org/active/publications/discussion_papers/dp.php?dpno=5269|
In this paper, we examine how software vulnerabilities affect firms that license software and consumers that purchase software. In particular, we model three decisions of the firm: (i) an upfront investment in the quality of the software to reduce potential vulnerabilities; (ii) a policy decision whether to announce vulnerabilities; and (iii) a price for the software. We also model two decisions of the consumer: (i) whether to purchase the software; and (ii) whether to apply a patch.