Competition and patching of security vulnerabilities: An empirical analysis
We empirically estimate the effect of competition on vendor patching of software defects by exploiting variation in number of vendors that share a common flaw or common vulnerabilities. We distinguish between two effects: the direct competition effect when vendors in the same market share a vulnerability, and the indirect effect, which operates through non-rivals that operate in different markets but nonetheless share the same vulnerability. Using time to patch as our measure of quality, we find empirical support for both direct and indirect effects of competition. Our results show that ex-post product quality in software markets is not only conditioned by rivals that operate in the same product market, but by also non-rivals that share the same common flaw.
References listed on IDEAS
Please report citation or reference errors to , or , if you are the registered author of the cited work, log in to your RePEc Author Service profile, click on "citations" and make appropriate adjustments.:
- A. Michael Spence, 1975. "Monopoly, Quality, and Regulation," Bell Journal of Economics, The RAND Corporation, vol. 6(2), pages 417-429, Autumn.
- Domberger, Simon & Sherr, Avrom, 1989. "The impact of competition on pricing and quality of legal services," International Review of Law and Economics, Elsevier, vol. 9(1), pages 41-56, June.
- Karthik Kannan & Rahul Telang, 2005. "Market for Software Vulnerabilities? Think Again," Management Science, INFORMS, vol. 51(5), pages 726-740, May.
- Rajiv D. Banker & Gordon B. Davis & Sandra A. Slaughter, 1998. "Software Development Practices, Software Complexity, and Software Maintenance Performance: A Field Study," Management Science, INFORMS, vol. 44(4), pages 433-450, April.
- Forman, Chris & Goldfarb, Avi & Greenstein, Shane, 2005. "How did location affect adoption of the commercial Internet? Global village vs. urban leadership," Journal of Urban Economics, Elsevier, vol. 58(3), pages 389-420, November.
- David Levhari & Yoram Peles, 1973. "Market Structure, Quality and Durability," Bell Journal of Economics, The RAND Corporation, vol. 4(1), pages 235-248, Spring.
- Ashish Arora & Rahul Telang & Hao Xu, 2008. "Optimal Policy for Software Vulnerability Disclosure," Management Science, INFORMS, vol. 54(4), pages 642-656, April.
- Caroline M. Hoxby, 2000.
"Does Competition among Public Schools Benefit Students and Taxpayers?,"
American Economic Review,
American Economic Association, vol. 90(5), pages 1209-1238, December.
- Caroline Minter Hoxby, 1994. "Does Competition Among Public Schools Benefit Students and Taxpayers?," NBER Working Papers 4979, National Bureau of Economic Research, Inc.
- Timothy F. Bresnahan & Shane Greenstein, 1997.
"Technological Competition and the Structure of the Computer Industry,"
97028, Stanford University, Department of Economics.
- Bresnahan, Timothy F & Greenstein, Shane, 1999. "Technological Competition and the Structure of the Computer Industry," Journal of Industrial Economics, Wiley Blackwell, vol. 47(1), pages 1-40, March.
- Ashish Arora & Jonathan P. Caulkins & Rahul Telang, 2006. "Research Note--Sell First, Fix Later: Impact of Patching on Software Quality," Management Science, INFORMS, vol. 52(3), pages 465-471, March.
- Michael Mazzeo, 2003. "Competition and Service Quality in the U.S. Airline Industry," Review of Industrial Organization, Springer, vol. 22(4), pages 275-296, June.
- Dranove, David & White, William D, 1994. "Recent Theory and Evidence on Competition in Hospital Markets," Journal of Economics & Management Strategy, Wiley Blackwell, vol. 3(1), pages 169-209, Spring.
- Donald E. Harter & Mayuram S. Krishnan & Sandra A. Slaughter, 2000. "Effects of Process Maturity on Quality, Cycle Time, and Effort in Software Product Development," Management Science, INFORMS, vol. 46(4), pages 451-466, April.
- Amalia R. Miller & Catherine Tucker, 2009.
"Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records,"
INFORMS, vol. 55(7), pages 1077-1093, July.
- Catherine Tucker & Amalia Miller, 2007. "Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records," Working Papers 07-16, NET Institute, revised Sep 2007.
- Nizovtsev, Dmitri & Thursby, Marie, 2007. "To disclose or not? An analysis of software user behavior," Information Economics and Policy, Elsevier, vol. 19(1), pages 43-64, March.
- Borenstein, Severin & Netz, Janet, 1999. "Why do all the flights leave at 8 am?: Competition and departure-time differentiation in airline markets," International Journal of Industrial Organization, Elsevier, vol. 17(5), pages 611-640, July.
- Schmalensee, Richard, 1979. "Market Structure, Durability, and Quality: A Selective Survey," Economic Inquiry, Western Economic Association International, vol. 17(2), pages 177-96, April.
- Andrew Cohen & Michael J. Mazzeo, 2004. "Competition, product differentiation and quality provision: an empirical equilibrium analysis of bank branching decisions," Finance and Economics Discussion Series 2004-46, Board of Governors of the Federal Reserve System (U.S.).
When requesting a correction, please mention this item's handle: RePEc:eee:iepoli:v:22:y:2010:i:2:p:164-177. See general information about how to correct material in RePEc.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (Zhang, Lei)
If references are entirely missing, you can add them using this form.