Let the Pirates Patch? An Economic Analysis of Software Security Patch Restrictions

References

• Alvisi M., Argentesi E., Carbonara E. Piracy and quality choice in monopolistic markets. (2002) . German Working Papers in Law and Economics, University of Mannheim, Mannheim, GermanyGoogle Scholar
• Anderson R., Moore T. The economics of information security. Science (2006) 314(5799):610–613Crossref, Google Scholar
• Arora A., Caulkins J. P., Telang R. Research note–sell first, fix later: Impact of patching on software quality. Management Sci. (2006) 52(3):465–471Link, Google Scholar
• Arora A., Telang R., Xu H. Optimal policy for software vulnerability disclosure. (2005) . Working paper, Carnegie Mellon University, PittsburghCrossref, Google Scholar
• August T., Tunca T. I. Network software security and user incentives. Management Sci. (2006) 52(11):1703–1720Link, Google Scholar
• Bakos Y., Brynjolfsson E., Lichtman D. Shared information goods. J. Law Econom. (1999) XLII:117–155Crossref, Google Scholar
• Bass D. Microsoft to begin blocking fake Windows users from downloads. Bloomberg (2005) January 26). http://www.bloomberg.comGoogle Scholar
• Besen S. M., Kirby S. N. Private copying, appropriability, and optimal copying royalties. J. Law Econom. (1989) 32:255–280Crossref, Google Scholar
• Bloor B. The patch problem: It's costing your business real dollars. Baroudi Bloor (2003) . http://www.mithras.itworld.com/download/special_reports/smallbusiness/PatchProblemReport_BaroudiBloor.pdfGoogle Scholar
• BSA-IDC Second annual BSA and IDC global software piracy study. (2005) May 25Google Scholar
• Cavusoglu H., Cavusoglu H., Raghunathan S. How should we disclose software vulnerabilities. Workshop on Information Technology and Systems (WITS) (2004a) Washington, D.C.(DecemberGoogle Scholar
• Cavusoglu H., Cavusoglu H., Zhang J. Security patch management: Can't live with it, can't live without it. Workshop on Information Technology and Systems (WITS) (2004b) Washington, D.C.(DecemberGoogle Scholar
• Cavusoglu H., Mishra B., Raghunathan S. The value of intrusion detection systems in information technology security. Inform. Systems Res. (2005) 16(1):28–46Link, Google Scholar
• Chen Y.-N., Png I. Information goods pricing and copyright enforcement: Welfare analysis. Inform. Systems Res. (2003) 14(1):107–123Link, Google Scholar
• Connor K. R., Rumelt R. P. Software piracy: An analysis of protection strategies. Management Sci. (1991) 37(2):125–139Link, Google Scholar
• Curien N., Laffond G., Laine J., Moreau F. Towards a new business model for the music industry: Accomodating piracy through ancillary products. Laboratoire d'Econometrie Conservatoire National de Arts et Metiers (2004) 1(4–5):1–21Google Scholar
• Evers J. Microsoft to require Windows piracy check. PC World (2005) January 26). http://www.pcworld.com/article/id,119458-page,1/article.htmlGoogle Scholar
• Evers J. Another hefty patch month for Microsoft. CNET News.com (2006) August 8Google Scholar
• Fried I. Piracy-check mandatory for Windows add-ons. CNET News.com (2005) July 25Google Scholar
• Gantz J. F., Gillen A., Christiansen C. A. The risks of obtaining and using pirated software. Microsoft.com (2006) OctoberGoogle Scholar
• Gopal R. D., Sanders G. L. Preventive and deterrent controls for software piracy. J. Management Inform. Systems (1997) 13(4):29–47Crossref, Google Scholar
• Harbaugh R., Khemka R. Does copyright enforcement encourage piracy? (2001) . Working Paper 2001-14, Claremont McKenna College, Claremont, CAGoogle Scholar
• Holsing N. F., Yen D. C. Software asset management: Analysis, development and implementation. Inform. Resources Management J. (1999) 12(3):14–26Crossref, Google Scholar
• Hou C. H. Security for all. Computer Times (2004) May 5). http://computertimes.asia1.com.sg/news/story/0,5104,2292,00.htmlGoogle Scholar
• Jaisingh J., Li Q. The optimal time to disclose software vulnerability: Incentive and commitment. (2005) November). Working paper, Hong Kong University of Science and Technology, Kowloon, Hong KongGoogle Scholar
• Johnson W. The economics of copying. J. Political Econom. (1985) 93(1):158–174Crossref, Google Scholar
• Liebowitz S. J. Copying and indirect appropriability: Photocopying of journals. J. Political Econom. (1985) 93(5):945–957Crossref, Google Scholar
• Microsoft Windows XP product activation. Microsoft.com (2002) AugustGoogle Scholar
• Microsoft Microsoft to implement worldwide anti-piracy initiative. Microsoft.com (2005a) JanuaryGoogle Scholar
• Microsoft Windows genuine advantage 1.0 goes live. Microsoft.com (2005b) JulyGoogle Scholar
• Microsoft Founder signs genuine Windows cooperative engagement agreement with Microsoft. Microsoft.com (2006) AprilGoogle Scholar
• Microsoft Microsoft security bulletin summaries and webcasts. Microsoft.com (2007) JanuaryGoogle Scholar
• Moore D., Shannon C., Brown J. Code-red: A case study on the spread and victims of an internet worm. Proc. 2nd ACM SIGCOMM Workshop on Internet Measurement (2002) (ACM Press, New York) 273–284Crossref, Google Scholar
• Naraine R. Massive DDoS attack hit DNS root servers. (2002) October). InternetNews.com (October 23)Google Scholar
• Novos I. E., Waldman M. The effects of increased copyright protection: An analytic approach. J. Political Econom. (1984) 92(2):236–246Crossref, Google Scholar
• Peitz M., Waelbroeck P. Making use of file sharing in music distribution. (2003a) . Mimeo, University of Mannheim, Mannheim, and ECARES, Germany, Free University of Brussels, Brussels, BelgiumGoogle Scholar
• Peitz M., Waelbroeck P. Piracy of digital products: A critical review of the economics literature. (2003b) . CESinfo Working Paper Series, No. 1071, Ludwig-Maximilians-Universitaet, and the Ifo Institute for Economic Research, Munich, GermanyGoogle Scholar
• Rao S. Copyright: Its implications for electronic information. Online Inform. Rev. (2003) 27(4):264–275Crossref, Google Scholar
• Rooney P. Channel praises Microsoft plan to “stigmatize” software pirates. (2005) January 26). CRN.comGoogle Scholar
• Salloway M. Common issues with Windows XP service pack 2. Mark Salloway's Windows XP Resource Center (2004) . http://www.mvps.org/marksxp/WindowsXP/SP2/common.php#sp2Google Scholar
• Schneier B. Microsoft's actions speak louder than words. NetworkWorld.com (2004) MayGoogle Scholar
• Shy O., Thisse J.-F. A strategic approach to software protection. J. Econom. Management Strategy (1999) 8(2):163–190Crossref, Google Scholar
• Slive J., Bernhardt D. Pirated for profit. Canadian J. Econom. (1998) 31(4):886–899Crossref, Google Scholar
• Sovereign-Smith R. The net threat. Digit (2006) August):108–110Google Scholar
• Sundararajan A. Managing digital piracy: Pricing and protection. Inform. Systems Res. (2004) 15(3):287–308Link, Google Scholar
• Takeyama L. N. The welfare implications of unauthorized reproduction of intellectual property in the presence of demand network externalities. J. Indust. Econom. (1994) 62:155–166Crossref, Google Scholar
• Takeyama L. N. The intertemporal consequences of unauthorized reproduction of intellectual property. J. Law Econom. (1997) 40(2):511–522Crossref, Google Scholar
• Varian H. Buying, renting and sharing information goods. J. Indust. Econom. (2000) 48:473–488Crossref, Google Scholar
• Varian H. R. Copying and copyright. J. Econom. Perspectives (2005) 19(2):121–138Crossref, Google Scholar
• Vijayan J. Akamai now says it was targeted by DDoS attack. (2004) . Computerworld (June) Computerworld.comGoogle Scholar
• Weaver N., Paxson V., Staniford S., Cunningham R. A taxonomy of computer worms. Proc. 2003 ACM Workshop on Rapid Malcode (2003) (ACM Press, New York) 11–18Crossref, Google Scholar
• Worthington D. Microsoft: SP2 will not install on pirated copies of XP. BetaNews (2004) May 11). http://www.betanews.com/article/1084264398Google Scholar