Competition and patching of security vulnerabilities: An empirical analysis
We empirically estimate the effect of competition on vendor patching of software defects by exploiting variation in number of vendors that share a common flaw or common vulnerabilities. We distinguish between two effects: the direct competition effect when vendors in the same market share a vulnerability, and the indirect effect, which operates through non-rivals that operate in different markets but nonetheless share the same vulnerability. Using time to patch as our measure of quality, we find empirical support for both direct and indirect effects of competition. Our results show that ex-post product quality in software markets is not only conditioned by rivals that operate in the same product market, but by also non-rivals that share the same common flaw.
If you experience problems downloading a file, check if you have the proper application to view it first. In case of further problems read the IDEAS help page. Note that these files are not on the IDEAS site. Please be patient as the files may be large.
As the access to this document is restricted, you may want to look for a different version under "Related research" (further below) or search for a different version of it.
References listed on IDEAS
Please report citation or reference errors to , or , if you are the registered author of the cited work, log in to your RePEc Author Service profile, click on "citations" and make appropriate adjustments.:
- Ashish Arora & Jonathan P. Caulkins & Rahul Telang, 2006. "Research Note--Sell First, Fix Later: Impact of Patching on Software Quality," Management Science, INFORMS, vol. 52(3), pages 465-471, March.
- Borenstein, Severin & Netz, Janet, 1999. "Why do all the flights leave at 8 am?: Competition and departure-time differentiation in airline markets," International Journal of Industrial Organization, Elsevier, vol. 17(5), pages 611-640, July.
- Bresnahan, Timothy F & Greenstein, Shane, 1999.
"Technological Competition and the Structure of the Computer Industry,"
Journal of Industrial Economics,
Wiley Blackwell, vol. 47(1), pages 1-40, March.
- Timothy F. Bresnahan & Shane Greenstein, 1997. "Technological Competition and the Structure of the Computer Industry," Working Papers 97028, Stanford University, Department of Economics.
- Caroline M. Hoxby, 2000. "Does Competition among Public Schools Benefit Students and Taxpayers?," American Economic Review, American Economic Association, vol. 90(5), pages 1209-1238, December.
- Caroline Minter Hoxby, 1994. "Does Competition Among Public Schools Benefit Students and Taxpayers?," NBER Working Papers 4979, National Bureau of Economic Research, Inc.
- Nizovtsev, Dmitri & Thursby, Marie, 2007. "To disclose or not? An analysis of software user behavior," Information Economics and Policy, Elsevier, vol. 19(1), pages 43-64, March.
- Ashish Arora & Rahul Telang & Hao Xu, 2008. "Optimal Policy for Software Vulnerability Disclosure," Management Science, INFORMS, vol. 54(4), pages 642-656, April.
- Dranove, David & White, William D, 1994. "Recent Theory and Evidence on Competition in Hospital Markets," Journal of Economics & Management Strategy, Wiley Blackwell, vol. 3(1), pages 169-209, Spring.
- Amalia R. Miller & Catherine Tucker, 2009. "Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records," Management Science, INFORMS, vol. 55(7), pages 1077-1093, July.
- Catherine Tucker & Amalia Miller, 2007. "Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records," Working Papers 07-16, NET Institute, revised Sep 2007.
- Domberger, Simon & Sherr, Avrom, 1989. "The impact of competition on pricing and quality of legal services," International Review of Law and Economics, Elsevier, vol. 9(1), pages 41-56, June.
- Rajiv D. Banker & Gordon B. Davis & Sandra A. Slaughter, 1998. "Software Development Practices, Software Complexity, and Software Maintenance Performance: A Field Study," Management Science, INFORMS, vol. 44(4), pages 433-450, April.
- David Levhari & Yoram Peles, 1973. "Market Structure, Quality and Durability," Bell Journal of Economics, The RAND Corporation, vol. 4(1), pages 235-248, Spring.
- Forman, Chris & Goldfarb, Avi & Greenstein, Shane, 2005. "How did location affect adoption of the commercial Internet? Global village vs. urban leadership," Journal of Urban Economics, Elsevier, vol. 58(3), pages 389-420, November.
- Andrew Cohen & Michael Mazzeo, 2004. "Competition, product differentiation and quality provision: an empirical equilibrium analysis of bank branching decisions," Finance and Economics Discussion Series 2004-46, Board of Governors of the Federal Reserve System (U.S.).
- Donald E. Harter & Mayuram S. Krishnan & Sandra A. Slaughter, 2000. "Effects of Process Maturity on Quality, Cycle Time, and Effort in Software Product Development," Management Science, INFORMS, vol. 46(4), pages 451-466, April.
- Michael Mazzeo, 2003. "Competition and Service Quality in the U.S. Airline Industry," Review of Industrial Organization, Springer;The Industrial Organization Society, vol. 22(4), pages 275-296, June.
- Karthik Kannan & Rahul Telang, 2005. "Market for Software Vulnerabilities? Think Again," Management Science, INFORMS, vol. 51(5), pages 726-740, May.
- Schmalensee, Richard, 1979. "Market Structure, Durability, and Quality: A Selective Survey," Economic Inquiry, Western Economic Association International, vol. 17(2), pages 177-196, April.
- A. Michael Spence, 1975. "Monopoly, Quality, and Regulation," Bell Journal of Economics, The RAND Corporation, vol. 6(2), pages 417-429, Autumn. Full references (including those not matched with items on IDEAS)