An economic analysis of the software market with a risk-sharing mechanism

International Journal of Electronic Commerce

Volumn 14, Issue 2, 2009, Pages 7-40

  Kim, Byung Cho ^a   Chen, Pei Yu ^b   Mukhopadhyay, Tridas ^c  

^a VIRGINIA POLYTECHNIC INSTITUTE AND STATE UNIVERSITY   (United States)

^b TEMPLE UNIVERSITY   (United States)

^c CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

Economics of IS; Information asymmetry; Security policies; Software liability; Software security

Indexed keywords

EID: 72449167415     PISSN: 10864415     EISSN: None     Source Type: Journal    
DOI: 10.2753/JEC1086-4415140201     Document Type: Article

References (39)

1. Anderson, R. Why information security is hard-An economic perspective. In Proceedings of 17th Annual Computer Security Applications Conference. Los Alamitos, CA: IEEE Computer Society, 2001, pp. 358-365.
2. Arora, A.; Calkins, J.; and Telang, R. Sell first, fix later: Impact of patching on software quality. Management Science, 52, 3 (2006), 465-471.
3. Arora, A.; Telang, R.; and Xu, H. Optimal policy for software vulnerability disclosure. Management Science, 54, 4 (2007), 642-656.
4. August, T., and Tunca, T. Network software security and user incentives. Management Science, 52, 11 (2006), 1703-1720.
5. August, T., and Tunca. T. Let the pirates patch? An economic analysis of software security patch restrictions. Information Systems Research, 19, 1 (2008), 48-70.
6. Baumol, W.; Bailey, E.; and Willig, R. Weak invisible hand theorems on the sustainability of multiproduct natural monopoly. American Economic Review, 67, 3 (1977), 350-365.
7. Berendt, B.; Preibusch, S.; and Teltzrow, M. A privacy-protecting business-analytics service for on-line transactions. International Journal of Electronic Commerce, 12, 3 (2008), 115-150.
8. Cavusoglu, H.; Cavusoglu, H.; and Zhang, J. Security patch management: Share the burden or share the damage. Management Science, 54, 4 (2008), 657-670.
9. Cavusoglu, H.; Mishra, B.; and Raghunathan, S. The effect of Internet security breach announcements on market value: Capital market reactions for breached firms and Internet security developers. International Journal of Electronic Commerce, 9, 1 (2004), 69-104.
10. Cavusoglu, H.; Raghunathan, S.; and Yue, W. Decision-theoretic and game-theoretic approaches to IT security investment. Journal of Management Information Systems, 25, 2 (2008), 281-304.
11. Chellappa, R., and Shivendu, S. An economic model of privacy: A property rights approach to regulatory choices for online personalization. Journal of Management Information Systems, 24, 3 (winter 2007-2008), 193-225.
12. Dinev, T., and Hart, P. Internet privacy concerns and social awareness as determinants of intention to transact. International Journal of Electronic Commerce, 10, 2 (winter 2005-2006), 7-29.
13. Economides, N., and Katsamakas, E. Two-sided competition of proprietary vs. open implications for the software industry. Management Science, 52, 7 (2006), 1057-1071.
14. Economist. Microsoft at the power point. September 11, 2003.
15. Fisher, D. Contracts getting tough on security. eWeek, April 15, 2002, 1-2.
16. Fisk, M. Causes and remedies for social acceptance of network insecurity. Workshop on Economics and Information Security, University of California, Berkeley, May 16-17, 2002.
17. Harmon, A. Digital vandalism spurs a call for oversight. New York Times, September 1, 2003, www.nytimes.com/2003/09/01/technology/01NET .html?ex=1063339200&en=6c9adcbdd0cb5f11&ei=5070.
18. Heckman, C. Two views on security software liability: Using the right legal tools. IEEE Security & Privacy, 1, 1 (2003) 73-75.
19. Jones, R., and Mendelson, H. Product and price competition for information goods. Technical Report, Stanford University, 1998.
20. Kannan, K., and Telang, R. Market for software vulnerabilities? Think again. Management Science, 51, 5 (2005), 726-740.
21. Markoff, J. Microsoft programmers hit the books in a new focus on secure software. New York Times, April 8, 2002, www.nytimes.com/2002/ 04/08/business/microsoft-programmers-hit-the-books-in-a-new-focus-onsecure- software.html.
22. Morgenthaler, G. Apple's OS edge is a threat to Microsoft. Business Week, April 11, 2008, www.businessweek.com/technology/content/apr2008/ tc20080410-206881.htm.
23. Mussa, M., and Rosen, S. Monopoly and product quality. Journal of Economic Theory, 18, 2 (1978), 301-317.
24. National Research Council. Computers at Risk: Safe Computing in the Information Age. Washington, DC: National Academy Press, 1991.
25. Orszag, P.R. Critical infrastructure protection and the private sector: The crucial role of incentives. Brookings Institution, Washington, DC, September 4, 2003, www.brookings.edu/testimony/2003/0904-homelandsecurity- orszag.aspx.
26. Richardson, R. CSI Survey 2007: The 12th Annual Computer Crime and Security Survey. Computer Security Institute, 2007, available at www.gocsi. com/forms/csi-survey.jhtml.
27. Ronnen, U. Minimum quality standards, fixed costs, and competition. RAND Journal of Economics, 22, 4 (1991), 490-504.
28. Ryan, D. Two views on security software liability: Let the legal system decide. IEEE Security & Privacy, 1, 1 (2003), 70-72.
29. Schneier, B. Information security: How liable should vendors be? Computer World (October 28, 2004), www.computerworld.com/s/article/96948/ Information-security-How-liable-should-vendors-be-?taxonomyId=017& SKC=security-96948.
30. Schneier, B. Do federal security regulations help? Information Security (November 2006), http://searchsecurity.techtarget.com/magazineFeature/ 0,296894,sid14-gci1256971,00.html.
31. Siponen, M. Five dimensions of information security awareness. ACM SIG CAS Computers and Society, 31, 2 (2001), 24-29.
32. Spence, M. Monopoly, quality, and regulation. Bell Journal of Economics, 6, 2 (1975), 417-429.
33. Spence, M. Consumer misperceptions, product failure and producer liability. Review of Economic Studies, 44, 3 (1977), 561-572.
34. Sundararajan, A. Nonlinear pricing of information goods. Management Science, 50, 12 (2004), 1660-1673.
35. Tang, Z.; Hu, Y.; and Smith, M. Gaining trust through online privacy protection: Self-regulation, mandatory standards, or caveat emptor. Journal of Management Information Systems, 24, 4 (2008), 153-173.
36. Telang, R., and Wattal, S. An empirical analysis of the impact of software vulnerability announcements on firm stock price. IEEE Transactions on Software Engineering, 33, 8 (2007), 544-557.
37. Telang, R.; Rajan, U.; and Mukhopadhyay, T. The market structure for Internet search engines. Journal of Management Information Systems, 21, 2 (2004), 137-160.
38. Varian, H.R. Managing online security risks. New York Times, June 1, 2000, www.nytimes.com/library/financial/columns/060100econ-scene. html.
39. Varian, H.R. Economics of information technology. Remarks delivered as the Mattioli Lecture, Bocconi University, Milan, November 2001.