Economic Analysis of Incentives to Disclose Software Vulnerabilities

dc.contributor.author: Thursby, Marie
dc.contributor.author: Nizovtsev, Dmitri
dc.date: April 2005
dc.description.abstract: This paper addresses the ongoing debate about the practice of disclosing information about software vulnerabilities through an open public forum. Using a game-theoretic approach, we show that such a practice may be an equilibrium strategy in a game played by rational loss-minimizing agents. We find that under certain parameters public disclosure of vulnerabilities is desirable from the social welfare standpoint. The presence of an opportunity to disclose allows individual software users to reduce their expected loss from attacks and by doing so improves social welfare. We analyze the effect of several product characteristics and the composition of the pool of software users on the decisions to disclose and on social welfare and compare several public policy alternatives in terms of their efficacy in reducing the overall social welfare loss from attacks. Our results suggest that designing an incentive system that would induce vendors to release fixes sooner and improve the quality of their products should be among the priorities for any policymaking agency concerned with information security. Doing so would reduce individual incentives to disclose vulnerabilities, thus further reducing the potential damage from any given vulnerability. Our preliminary analysis of information-sharing coalitions suggests that such entities have a positive effect only under a fairly restrictive set of conditions.
dc.description.sponsorship: Kaw Valley Bank
dc.identifier.other: School of Business Working Paper Series; No. 41
dc.publisher: Washburn University. School of Business
dc.subject: Computer software
dc.subject: Economic analysis
dc.title: Economic Analysis of Incentives to Disclose Software Vulnerabilities
dc.type: Working paper