Competition and patching of security vulnerabilities: An empirical analysis
We empirically estimate the effect of competition on vendor patching of software defects by exploiting variation in number of vendors that share a common flaw or common vulnerabilities. We distinguish between two effects: the direct competition effect when vendors in the same market share a vulnerability, and the indirect effect, which operates through non-rivals that operate in different markets but nonetheless share the same vulnerability. Using time to patch as our measure of quality, we find empirical support for both direct and indirect effects of competition. Our results show that ex-post product quality in software markets is not only conditioned by rivals that operate in the same product market, but by also non-rivals that share the same common flaw.
If you experience problems downloading a file, check if you have the proper application to view it first. In case of further problems read the IDEAS help page. Note that these files are not on the IDEAS site. Please be patient as the files may be large.
As the access to this document is restricted, you may want to look for a different version under "Related research" (further below) or search for a different version of it.
References listed on IDEAS
Please report citation or reference errors to , or , if you are the registered author of the cited work, log in to your RePEc Author Service profile, click on "citations" and make appropriate adjustments.:
- Caroline Minter Hoxby, 1994.
"Does Competition Among Public Schools Benefit Students and Taxpayers?,"
NBER Working Papers
4979, National Bureau of Economic Research, Inc.
- Caroline M. Hoxby, 2000. "Does Competition among Public Schools Benefit Students and Taxpayers?," American Economic Review, American Economic Association, vol. 90(5), pages 1209-1238, December.
- Rajiv D. Banker & Gordon B. Davis & Sandra A. Slaughter, 1998. "Software Development Practices, Software Complexity, and Software Maintenance Performance: A Field Study," Management Science, INFORMS, vol. 44(4), pages 433-450, April.
- Schmalensee, Richard, 1979. "Market Structure, Durability, and Quality: A Selective Survey," Economic Inquiry, Western Economic Association International, vol. 17(2), pages 177-96, April.
- Forman, Chris & Goldfarb, Avi & Greenstein, Shane, 2005. "How did location affect adoption of the commercial Internet? Global village vs. urban leadership," Journal of Urban Economics, Elsevier, vol. 58(3), pages 389-420, November.
- Timothy F. Bresnahan & Shane Greenstein, 1997.
"Technological Competition and the Structure of the Computer Industry,"
97028, Stanford University, Department of Economics.
- Bresnahan, Timothy F & Greenstein, Shane, 1999. "Technological Competition and the Structure of the Computer Industry," Journal of Industrial Economics, Wiley Blackwell, vol. 47(1), pages 1-40, March.
- Karthik Kannan & Rahul Telang, 2005. "Market for Software Vulnerabilities? Think Again," Management Science, INFORMS, vol. 51(5), pages 726-740, May.
- Nizovtsev, Dmitri & Thursby, Marie, 2007. "To disclose or not? An analysis of software user behavior," Information Economics and Policy, Elsevier, vol. 19(1), pages 43-64, March.
- Domberger, Simon & Sherr, Avrom, 1989. "The impact of competition on pricing and quality of legal services," International Review of Law and Economics, Elsevier, vol. 9(1), pages 41-56, June.
- Donald E. Harter & Mayuram S. Krishnan & Sandra A. Slaughter, 2000. "Effects of Process Maturity on Quality, Cycle Time, and Effort in Software Product Development," Management Science, INFORMS, vol. 46(4), pages 451-466, April.
- Borenstein, Severin & Netz, Janet, 1999. "Why do all the flights leave at 8 am?: Competition and departure-time differentiation in airline markets," International Journal of Industrial Organization, Elsevier, vol. 17(5), pages 611-640, July.
- A. Michael Spence, 1975. "Monopoly, Quality, and Regulation," Bell Journal of Economics, The RAND Corporation, vol. 6(2), pages 417-429, Autumn.
- Andrew Cohen & Michael J. Mazzeo, 2004. "Competition, product differentiation and quality provision: an empirical equilibrium analysis of bank branching decisions," Finance and Economics Discussion Series 2004-46, Board of Governors of the Federal Reserve System (U.S.).
- Dranove, David & White, William D, 1994. "Recent Theory and Evidence on Competition in Hospital Markets," Journal of Economics & Management Strategy, Wiley Blackwell, vol. 3(1), pages 169-209, Spring.
- Michael Mazzeo, 2003. "Competition and Service Quality in the U.S. Airline Industry," Review of Industrial Organization, Springer, vol. 22(4), pages 275-296, June.
- Catherine Tucker & Amalia Miller, 2007.
"Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records,"
07-16, NET Institute, revised Sep 2007.
- Amalia R. Miller & Catherine Tucker, 2009. "Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records," Management Science, INFORMS, vol. 55(7), pages 1077-1093, July.
- Ashish Arora & Jonathan P. Caulkins & Rahul Telang, 2006. "Research Note--Sell First, Fix Later: Impact of Patching on Software Quality," Management Science, INFORMS, vol. 52(3), pages 465-471, March.
- Ashish Arora & Rahul Telang & Hao Xu, 2008. "Optimal Policy for Software Vulnerability Disclosure," Management Science, INFORMS, vol. 54(4), pages 642-656, April.
- David Levhari & Yoram Peles, 1973. "Market Structure, Quality and Durability," Bell Journal of Economics, The RAND Corporation, vol. 4(1), pages 235-248, Spring.
When requesting a correction, please mention this item's handle: RePEc:eee:iepoli:v:22:y:2010:i:2:p:164-177. See general information about how to correct material in RePEc.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (Zhang, Lei)
If references are entirely missing, you can add them using this form.