
    Economic Analysis of Incentives to Disclose Software Vulnerabilities

    Author
    Thursby, Marie
    Nizovtsev, Dmitri
    Publisher
    Washburn University. School of Business
    Sponsor
    Kaw Valley Bank
    Date
    April 2005
    Abstract
    This paper addresses the ongoing debate about the practice of disclosing information about software vulnerabilities through an open public forum. Using a game-theoretic approach, we show that such a practice may be an equilibrium strategy in a game played by rational loss-minimizing agents. We find that under certain parameters public disclosure of vulnerabilities is desirable from the social welfare standpoint. The presence of an opportunity to disclose allows individual software users to reduce their expected loss from attacks and by doing so improves social welfare. We analyze the effect of several product characteristics and the composition of the pool of software users on the decisions to disclose and on social welfare and compare several public policy alternatives in terms of their efficacy in reducing the overall social welfare loss from attacks. Our results suggest that designing an incentive system that would induce vendors to release fixes sooner and improve the quality of their products should be among the priorities for any policymaking agency concerned with information security. Doing so would reduce individual incentives to disclose vulnerabilities, thus further reducing the potential damage from any given vulnerability. Our preliminary analysis of information-sharing coalitions suggests that such entities have a positive effect only under a fairly restrictive set of conditions.
    URI
    https://wuir.washburn.edu/handle/10425/164
    Collections
    • Faculty Papers
    • Kaw Valley Bank Working Paper Series
