IDEAS home Printed from https://ideas.repec.org/a/inm/ormnsc/v52y2006i11p1703-1720.html
   My bibliography  Save this article

Network Software Security and User Incentives

Author

Listed:
  • Terrence August

    (Graduate School of Business, Stanford University, 518 Memorial Way, Stanford, California 94305-5015)

  • Tunay I. Tunca

    (Graduate School of Business, Stanford University, 518 Memorial Way, Stanford, California 94305-5015)

Abstract

We study the effect of user incentives on software security in a network of individual users under costly patching and negative network security externalities. For proprietary software or freeware, we compare four alternative policies to manage network security: (i) consumer self-patching (where no external incentives are provided for patching or purchasing); (ii) mandatory patching; (iii) patching rebate; and (iv) usage tax. We show that for proprietary software, when the software security risk and the patching costs are high, for both a welfare-maximizing social planner and a profit-maximizing vendor, a patching rebate dominates the other policies. However, when the patching cost or the security risk is low, self-patching is best. We also show that when a rebate is effective, the profit-maximizing rebate is decreasing in the security risk and increasing in patching costs. The welfare-maximizing rebates are also increasing in patching costs, but can be increasing in the effective security risk when patching costs are high. For freeware, a usage tax is the most effective policy except when both patching costs, and security risk are low, in which case a patching rebate prevails. Optimal patching rebates and taxes tend to increase with increased security risk and patching costs, but can decrease in the security risk for high-risk levels. Our results suggest that both the value generated from software and vendor profits can be significantly improved by mechanisms that target user incentives to maintain software security.

Suggested Citation

  • Terrence August & Tunay I. Tunca, 2006. "Network Software Security and User Incentives," Management Science, INFORMS, vol. 52(11), pages 1703-1720, November.
    • Handle: RePEc:inm:ormnsc:v:52:y:2006:i:11:p:1703-1720
    DOI: 10.1287/mnsc.1060.0568
    as

    Download full text from publisher

    File URL: http://dx.doi.org/10.1287/mnsc.1060.0568
    Download Restriction: no
    File URL: https://libkey.io/10.1287/mnsc.1060.0568?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Goldman Steven Marc & Lightwood James, 2002. "Cost Optimization in the SIS Model of Infectious Disease with Treatment," The B.E. Journal of Economic Analysis & Policy, De Gruyter, vol. 2(1), pages 1-24, April.
    2. Mark Gersovitz & Jeffrey S. Hammer, 2004. "The Economical Control of Infectious Diseases," Economic Journal, Royal Economic Society, vol. 114(492), pages 1-27, January.
    3. Gersovitz, Mark & Hammer, Jeffrey S., 2005. "Tax/subsidy policies toward vector-borne infectious diseases," Journal of Public Economics, Elsevier, vol. 89(4), pages 647-674, April.
    4. Geoffard, Pierre-Yves & Philipson, Tomas, 1996. "Rational Epidemics and Their Public Control," International Economic Review, Department of Economics, University of Pennsylvania and Osaka University Institute of Social and Economic Research Association, vol. 37(3), pages 603-624, August.
    5. Michael Kremer, 1996. "Integrating Behavioral Choice into Epidemiological Models of AIDS," The Quarterly Journal of Economics, President and Fellows of Harvard College, vol. 111(2), pages 549-573.
    6. Kessing, Sebastian G. & Nuscheler, Robert, 2006. "Monopoly pricing with negative network effects: The case of vaccines," European Economic Review, Elsevier, vol. 50(4), pages 1061-1069, May.
    7. Francis, Peter J., 1997. "Dynamic epidemiology and the market for vaccinations," Journal of Public Economics, Elsevier, vol. 63(3), pages 383-406, February.
    8. Fershtman, Chaim & Gandal, Neil & Choi, Jay Pil, 2005. "Internet Security, Vulnerability Disclosure and Software Provision," CEPR Discussion Papers 5269, C.E.P.R. Discussion Papers.
    9. Howard Kunreuther & Geoffrey Heal, 2002. "Interdependent Security: The Case of Identical Agents," NBER Working Papers 8871, National Bureau of Economic Research, Inc.
    10. Michael Kremer, 1996. "Integrating Behavioral Choice into Epidemiological Models of the AIDS Epidemic," NBER Working Papers 5428, National Bureau of Economic Research, Inc.
    11. Brito, Dagobert L. & Sheshinski, Eytan & Intriligator, Michael D., 1991. "Externalities and compulsary vaccinations," Journal of Public Economics, Elsevier, vol. 45(1), pages 69-90, June.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Goyal, Sanjeev & Vigier, Adrien, 2015. "Interaction, protection and epidemics," Journal of Public Economics, Elsevier, vol. 125(C), pages 64-69.
    2. Rikard Forslid & Mathias Herzing, 2015. "On the Optimal Production Capacity for Influenza Vaccine," Health Economics, John Wiley & Sons, Ltd., vol. 24(6), pages 726-741, June.
    3. Sabine Liebenehm & Bernard Bett & Cristobal Verdugo & Mohamed Said, 2016. "Optimal Drug Control under Risk of Drug Resistance – The Case of African Animal Trypanosomosis," Journal of Agricultural Economics, Wiley Blackwell, vol. 67(2), pages 510-533, June.
    4. Sims, Charles & Finnoff, David & O’Regan, Suzanne M., 2016. "Public control of rational and unpredictable epidemics," Journal of Economic Behavior & Organization, Elsevier, vol. 132(PB), pages 161-176.
    5. Goodkin-Gold, Matthew & Kremer, Michael & Snyder, Christopher M. & Williams, Heidi, 2022. "Optimal vaccine subsidies for endemic diseases," International Journal of Industrial Organization, Elsevier, vol. 84(C).
    6. Toxvaerd, Flavio, 2010. "Recurrent Infection and Externalities in Prevention," CEPR Discussion Papers 8112, C.E.P.R. Discussion Papers.
    7. David E. Bloom & Michael Kuhn & Klaus Prettner, 2022. "Modern Infectious Diseases: Macroeconomic Impacts and Policy Responses," Journal of Economic Literature, American Economic Association, vol. 60(1), pages 85-131, March.
    8. Aadland David & Finnoff David C. & Huang Kevin X.D., 2013. "Syphilis Cycles," The B.E. Journal of Economic Analysis & Policy, De Gruyter, vol. 14(1), pages 297-348, June.
    9. Stéphane Mechoulan, 2007. "Market structure and communicable diseases," Canadian Journal of Economics/Revue canadienne d'économique, John Wiley & Sons, vol. 40(2), pages 468-492, May.
    10. Rowthorn, Robert & Toxvaerd, Flavio, 2012. "The Optimal Control of Infectious Diseases via Prevention and Treatment," CEPR Discussion Papers 8925, C.E.P.R. Discussion Papers.
    11. Fenichel, Eli P., 2013. "Economic considerations for social distancing and behavioral based policies during an epidemic," Journal of Health Economics, Elsevier, vol. 32(2), pages 440-451.
    12. d’Albis, Hippolyte & Augeraud-Véron, Emmanuelle, 2021. "Optimal prevention and elimination of infectious diseases," Journal of Mathematical Economics, Elsevier, vol. 93(C).
    13. Barrett, Scott & Hoel, Michael, 2007. "Optimal disease eradication," Environment and Development Economics, Cambridge University Press, vol. 12(5), pages 627-652, October.
    14. Francis, P.J. Peter J., 2004. "Optimal tax/subsidy combinations for the flu season," Journal of Economic Dynamics and Control, Elsevier, vol. 28(10), pages 2037-2054, September.
    15. Konstantinos Gkillas & Christoforos Konstantatos & Costas Siriopoulos, 2021. "Uncertainty Due to Infectious Diseases and Stock–Bond Correlation," Econometrics, MDPI, vol. 9(2), pages 1-18, April.
    16. Na Hao & Gervan Fearon, 2009. "Government Funding Policy Towards Communicable Diseases," Atlantic Economic Journal, Springer;International Atlantic Economic Society, vol. 37(2), pages 121-134, June.
    17. Joshua S. Gans, 2020. "The Economic Consequences of R̂ = 1: Towards a Workable Behavioural Epidemiological Model of Pandemics," NBER Working Papers 27632, National Bureau of Economic Research, Inc.
    18. Eric Nævdal, 2012. "Fighting Transient Epidemics—Optimal Vaccination Schedules Before And After An Outbreak," Health Economics, John Wiley & Sons, Ltd., vol. 21(12), pages 1456-1476, December.
    19. Telalagic, S., 2012. "Optimal Treatment of an SIS Disease with Two Strains," Cambridge Working Papers in Economics 1229, Faculty of Economics, University of Cambridge.
    20. Joshua S. Gans, 2023. "Vaccine Hesitancy, Passports, And The Demand For Vaccination," International Economic Review, Department of Economics, University of Pennsylvania and Osaka University Institute of Social and Economic Research Association, vol. 64(2), pages 641-652, May.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:inm:ormnsc:v:52:y:2006:i:11:p:1703-1720. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Chris Asher (email available below). General contact details of provider: https://edirc.repec.org/data/inforea.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.