DP5269 Internet Security, Vulnerability Disclosure and Software Provision

Author(s): Jay-Pil Choi, Chaim Fershtman, Neil Gandal
Publication Date: October 2005
Keyword(s): internet security, network effects, software, vulnerabilities
JEL(s): L86, O3
Programme Areas: Industrial Organization
Link to this Page: cepr.org/active/publications/discussion_papers/dp.php?dpno=5269

In this paper, we examine how software vulnerabilities affect firms that license software and consumers that purchase software. In particular, we model three decisions of the firm: (i) an upfront investment in the quality of the software to reduce potential vulnerabilities; (ii) a policy decision whether to announce vulnerabilities; and (iii) a price for the software. We also model two decisions of the consumer: (i) whether to purchase the software; and (ii) whether to apply a patch.