Market for Software Vulnerabilities? Think Again

Published Online: https://doi.org/10.1287/mnsc.1040.0357
