Market models for software vulnerabilities have been disparaged in the past on the grounds that they do little to lower the risk of insecure software. This leads to the common call for yet more legislation against vendors and other producers in order to lower the risk of insecure software. We argue that the call for nationalized intervention does not decrease risk, but rather that the user of software has an economic choice in selecting features over security. In this paper, we investigate the economic impact of various decisions as a means of determining the optimal distribution of costs and liability when applied to information security, and in particular when assigning costs in software engineering. The users of a software product act rationally when weighing software risks and costs. The choice of delivering features and averting risk is not an option demanded by the end user. After all, it is of little value to increase the cost per unit of software if this means that users purchase the alternative product with more features. We argue that it is the proposed market models that are flawed, not the concept of a market itself.