The Effect of Liability and Patch Release on Software Security: The Monopoly Case

The Effect of Liability and Patch Release on Software Security: The Monopoly Case

0.00 Avg rating0 Votes
Article ID: iaor201113115
Volume: 20
Issue: 4
Start Page Number: 603
End Page Number: 617
Publication Date: Jul 2011
Journal: Production and Operations Management
Authors: , ,
Keywords: risk, production
Abstract:

An abundance of flawed software has been identified as the main cause of the poor security of computer networks because major viruses and worms exploit the vulnerabilities of such software. As an incentive mechanism for software security quality improvement, software liability has been intensely discussed among both academics and practitioners for a long time. An alternative approach to managing software security is patch release, which has been widely adopted in practice. In this paper, we examine these two different ways of mitigating customer risk in the software market: liability and patch release. We study the impact of both mechanisms on a monopolistic software vendor's decision on security quality. We find the conditions under which each mechanism is effective in terms of improving security quality and increasing social surplus. The heterogeneous nature of loss is identified to be a key factor for the effectiveness of the liability mechanism. On the other hand, patch release can be effective and welfare-enhancing regardless of the nature of loss as long as customers incur low patching cost, and/or the vendor incurs low patch development cost. We also examine the impact of customer misperception of the outcome from vulnerable software on the effectiveness of liability.

Reviews

Required fields are marked *. Your email address will not be published.