IDEAS home Printed from
   My bibliography  Save this article

Competition and patching of security vulnerabilities: An empirical analysis


  • Arora, Ashish
  • Forman, Chris
  • Nandkumar, Anand
  • Telang, Rahul


We empirically estimate the effect of competition on vendor patching of software defects by exploiting variation in number of vendors that share a common flaw or common vulnerabilities. We distinguish between two effects: the direct competition effect when vendors in the same market share a vulnerability, and the indirect effect, which operates through non-rivals that operate in different markets but nonetheless share the same vulnerability. Using time to patch as our measure of quality, we find empirical support for both direct and indirect effects of competition. Our results show that ex-post product quality in software markets is not only conditioned by rivals that operate in the same product market, but by also non-rivals that share the same common flaw.

Suggested Citation

  • Arora, Ashish & Forman, Chris & Nandkumar, Anand & Telang, Rahul, 2010. "Competition and patching of security vulnerabilities: An empirical analysis," Information Economics and Policy, Elsevier, vol. 22(2), pages 164-177, May.
  • Handle: RePEc:eee:iepoli:v:22:y:2010:i:2:p:164-177

    Download full text from publisher

    File URL:
    Download Restriction: Full text for ScienceDirect subscribers only

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    1. Ashish Arora & Jonathan P. Caulkins & Rahul Telang, 2006. "Research Note--Sell First, Fix Later: Impact of Patching on Software Quality," Management Science, INFORMS, vol. 52(3), pages 465-471, March.
    2. Borenstein, Severin & Netz, Janet, 1999. "Why do all the flights leave at 8 am?: Competition and departure-time differentiation in airline markets," International Journal of Industrial Organization, Elsevier, vol. 17(5), pages 611-640, July.
    3. Bresnahan, Timothy F & Greenstein, Shane, 1999. "Technological Competition and the Structure of the Computer Industry," Journal of Industrial Economics, Wiley Blackwell, vol. 47(1), pages 1-40, March.
    4. Caroline M. Hoxby, 2000. "Does Competition among Public Schools Benefit Students and Taxpayers?," American Economic Review, American Economic Association, vol. 90(5), pages 1209-1238, December.
    5. Nizovtsev, Dmitri & Thursby, Marie, 2007. "To disclose or not? An analysis of software user behavior," Information Economics and Policy, Elsevier, vol. 19(1), pages 43-64, March.
    6. Ashish Arora & Rahul Telang & Hao Xu, 2008. "Optimal Policy for Software Vulnerability Disclosure," Management Science, INFORMS, vol. 54(4), pages 642-656, April.
    7. Dranove, David & White, William D, 1994. "Recent Theory and Evidence on Competition in Hospital Markets," Journal of Economics & Management Strategy, Wiley Blackwell, vol. 3(1), pages 169-209, Spring.
    8. Amalia R. Miller & Catherine Tucker, 2009. "Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records," Management Science, INFORMS, vol. 55(7), pages 1077-1093, July.
    9. Domberger, Simon & Sherr, Avrom, 1989. "The impact of competition on pricing and quality of legal services," International Review of Law and Economics, Elsevier, vol. 9(1), pages 41-56, June.
    10. Rajiv D. Banker & Gordon B. Davis & Sandra A. Slaughter, 1998. "Software Development Practices, Software Complexity, and Software Maintenance Performance: A Field Study," Management Science, INFORMS, vol. 44(4), pages 433-450, April.
    11. David Levhari & Yoram Peles, 1973. "Market Structure, Quality and Durability," Bell Journal of Economics, The RAND Corporation, vol. 4(1), pages 235-248, Spring.
    12. Forman, Chris & Goldfarb, Avi & Greenstein, Shane, 2005. "How did location affect adoption of the commercial Internet? Global village vs. urban leadership," Journal of Urban Economics, Elsevier, vol. 58(3), pages 389-420, November.
    13. Andrew Cohen & Michael Mazzeo, 2004. "Competition, product differentiation and quality provision: an empirical equilibrium analysis of bank branching decisions," Finance and Economics Discussion Series 2004-46, Board of Governors of the Federal Reserve System (U.S.).
    14. Donald E. Harter & Mayuram S. Krishnan & Sandra A. Slaughter, 2000. "Effects of Process Maturity on Quality, Cycle Time, and Effort in Software Product Development," Management Science, INFORMS, vol. 46(4), pages 451-466, April.
    15. Michael Mazzeo, 2003. "Competition and Service Quality in the U.S. Airline Industry," Review of Industrial Organization, Springer;The Industrial Organization Society, vol. 22(4), pages 275-296, June.
    16. Karthik Kannan & Rahul Telang, 2005. "Market for Software Vulnerabilities? Think Again," Management Science, INFORMS, vol. 51(5), pages 726-740, May.
    17. Schmalensee, Richard, 1979. "Market Structure, Durability, and Quality: A Selective Survey," Economic Inquiry, Western Economic Association International, vol. 17(2), pages 177-196, April.
    Full references (including those not matched with items on IDEAS)


    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.

    Cited by:

    1. Brekke, Kurt R. & Siciliani, Luigi & Straume, Odd Rune, 2010. "Price and quality in spatial competition," Regional Science and Urban Economics, Elsevier, vol. 40(6), pages 471-480, November.


    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:iepoli:v:22:y:2010:i:2:p:164-177. See general information about how to correct material in RePEc.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (Dana Niculescu). General contact details of provider: .

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service hosted by the Research Division of the Federal Reserve Bank of St. Louis . RePEc uses bibliographic data supplied by the respective publishers.