Inadequate software security is blamed for poor network security when viruses and worms cause major disruptions. However, software vendors have little incentive to improve the security quality of their products because they are not directly liable for losses incurred due to poor security. The concept of software liability has been intensely discussed by computer scientists and jurists for years as a possible solution for improving software security. This paper examines a risk-sharing mechanism between a software vendor and its customers as a way to implement software liability. It considers both the software vendor's incentive to share risks with customers and the question of whether risk-sharing leads to better software security. The model provides evidence of underprovided security quality under monopoly with complete information, as has been observed in the market. The policy implications of the risk-sharing mechanism and the possible impact of competition on software vendors' incentive for risk-sharing are examined. Information asymmetry is found to be a key factor in voluntary risk-sharing under monopoly; the risk-sharing level can be a signal of unobservable security quality.