The effect of liability and patch release on software security: The monopoly case

Production and Operations Management

Volumn 20, Issue 4, 2011, Pages 603-617

  Kim, Byung Cho ^a   Chen, Pei Yu ^b   Mukhopadhyay, Tridas ^c  

^a PAMPLIN COLLEGE OF BUSINESS   (United States)

^b TEMPLE UNIVERSITY   (United States)

^c CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

liability; monopoly; patch release; security awareness; software security

Indexed keywords

EID: 79960144492     PISSN: 10591478     EISSN: 19375956     Source Type: Journal    
DOI: 10.1111/j.1937-5956.2010.01189.x     Document Type: Article

References (37)

1. Anderson, R., 2001. Why information security is hard - an economic perspective. Proceeding, 17th Annual Computer Security Applications Conference, December 10-14, New Orleans, LA.
2. Anderson, R., T. Moore,. 2006. The economics of information security. Science 314 (5799): 610-613. (Pubitemid 44646376)
3. Armour, J., W. S. Humphrey,. 1993. Software product liability. Technical Report CMU/SEI-93-TR-13, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA.
4. Arora, A., J. Caulkins, R. Telang,. 2006. Sell first, fix later: Impact of patch release on software quality. Manage. Sci. 52 (3): 465-471.
5. Arora, A., R. Telang, H. Xu,. 2007. Optimal policy for software vulnerability disclosure. Manage. Sci. 54 (4): 642-656.
6. August, T., T. Tunca,. 2006. Network software security and user incentives. Manage. Sci. 52 (11): 1703-1720. (Pubitemid 44706077)
7. August, T., T. Tunca,. 2008. Let the pirates patch? An economic analysis of software security patch restrictions. Inf. Syst. Res. 19 (1): 48-70.
8. Bala, R., S. Carr,. 2009. Pricing software upgrades: The role of product improvement and user costs. Prod. Oper. Manag. 18 (5): 560-580.
9. Cavusoglu, H., H. Cavusoglu, J. Zhang,. 2008. Security patch management: Share the burden or share the damage. Manage. Sci. 54 (4): 657-670.
10. Daughety, A., J. Reinganum,. 1995. Product safety: Liability, R&D and signaling. Am. Econ. Rev. 85: 1187-1206.
11. Diamond, P., 1974. Single activity accidents. J. Leg. Stud. 3 (1): 107-164.
12. Fisher, D., 2002. Contracts getting tough on security. eWeek, April 15.
13. Fisk, M., 2002. Causes & remedies for social acceptance of network insecurity. Presentation, 1st Workshop on Economics and Information Security, May 16-17, Berkeley, CA.
14. Gal-Or, E., 1989. Warranties as a signal of quality. Can. J. Econ. 22 (1): 50-61.
15. Gates, B., 2002. Bill Gates: Trustworthy computing. Available at http://www.wired.com/techbiz/media/news/2002/01/49826 (accessed date March 15, 2010).
16. Grossman, S., 1981. The informational role of warranties and private disclosure about product quality. J. Law Econ. 24 (3): 461-483.
17. Harmon, A., 2003. Digital vandalism spurs a call for oversight. New York Times, September 1.
18. Heckman, C., 2003. Two views on security software liability: Using the right legal tools. IEEE Secur. Priv. 1 (1): 73-75.
19. Kannan, K., R. Telang,. 2005. Market for software vulnerabilities? Think again. Manage. Sci. 51 (5): 726-740. (Pubitemid 40867140)
20. Kim, B. C., P. Chen, T. Mukhopadhyay,. 2010. An economic analysis of the software market with a risk-sharing mechanism. Int. J. Electron. Commer. 14 (2): 7-39.
21. Lahiri, A., 2007. Strategic patch release and patch-pricing in the presence of dual network effects. Working paper FR 07-13, Simon Graduate School of Business, Rochester, NY.
22. Liu, D., M. Dawande, V. Mookerjee,. 2007. Value-driven creation of functionality in software projects: Optimal sequencing and reuse. Prod. Oper. Manag. 16 (3): 381-399.
23. McGraw, G., 2003. From the ground up: The DIMACS software security workshop. IEEE Secur. Priv. 1 (2): 59-66.
24. Mussa, M., S. Rosen,. 1978. Monopoly and product quality. J. Econ. Theory 18: 301-317.
25. P'ng, I., 1987. Litigation, liability and incentives for care. J. Public Econ. 34 (1): 61-85.
26. Ronnen, U., 1991. Minimum quality standards, fixed costs, and competition. RAND J. Econ. 22: 490-504.
27. Ryan, D. J., 2003. Two views on security software liability: Let the legal system decide. IEEE Secur. Priv. 1 (1): 70-72.
28. Sager, I., J. Green,. 2002. The best way to make software secure: Liability. Business Week, March 18, 61.
29. Schneier, B., 2004. Information security: How liable should vendors be? Computerworld, October 28.
30. Simon, M., 1981. Imperfect information, costly litigation, and product quality. Bell J. Econ. 12 (1): 171-184.
31. Spence, M., 1975. Monopoly, quality, and regulation. Bell J. Econ. 6: 417-429.
32. Spence, M., 1977. Consumer misperceptions, product failure and producer liability. Rev. Econ. Stud. 44 (3): 561-572.
33. Vandenbosch, B., C. Weinberg,. 1995. Product and price competition in a two-dimensional vertical differentiation model. Mark. Sci. 14 (2): 224-249.
34. Varian, H. R., 2000. Managing online security risks. New York Times, June 1.
35. Verton, D., 2003. Software failure cited in blackout investigation. Computerworld, November 24.
36. Viscusi, W., 1991. Reforming Products Liability. Cambridge, MA, Harvard University Press.
37. Yurcik, W., D. Doss,. 2002. Cyberinsurance: A market solution to the Internet security market failure. Presentation, 1st Workshop on Economics and Information Security, May 16-17, Berkeley, CA.