IDEAS home Printed from https://ideas.repec.org/
MyIDEAS: Log in (now much improved!) to save this article

Network Software Security and User Incentives

Listed author(s):
  • Terrence August

    ()

    (Graduate School of Business, Stanford University, 518 Memorial Way, Stanford, California 94305-5015)

  • Tunay I. Tunca

    ()

    (Graduate School of Business, Stanford University, 518 Memorial Way, Stanford, California 94305-5015)

Registered author(s):

    We study the effect of user incentives on software security in a network of individual users under costly patching and negative network security externalities. For proprietary software or freeware, we compare four alternative policies to manage network security: (i) consumer self-patching (where no external incentives are provided for patching or purchasing); (ii) mandatory patching; (iii) patching rebate; and (iv) usage tax. We show that for proprietary software, when the software security risk and the patching costs are high, for both a welfare-maximizing social planner and a profit-maximizing vendor, a patching rebate dominates the other policies. However, when the patching cost or the security risk is low, self-patching is best. We also show that when a rebate is effective, the profit-maximizing rebate is decreasing in the security risk and increasing in patching costs. The welfare-maximizing rebates are also increasing in patching costs, but can be increasing in the effective security risk when patching costs are high. For freeware, a usage tax is the most effective policy except when both patching costs, and security risk are low, in which case a patching rebate prevails. Optimal patching rebates and taxes tend to increase with increased security risk and patching costs, but can decrease in the security risk for high-risk levels. Our results suggest that both the value generated from software and vendor profits can be significantly improved by mechanisms that target user incentives to maintain software security.

    If you experience problems downloading a file, check if you have the proper application to view it first. In case of further problems read the IDEAS help page. Note that these files are not on the IDEAS site. Please be patient as the files may be large.

    File URL: http://dx.doi.org/10.1287/mnsc.1060.0568
    Download Restriction: no

    Article provided by INFORMS in its journal Management Science.

    Volume (Year): 52 (2006)
    Issue (Month): 11 (November)
    Pages: 1703-1720

    as
    in new window

    Handle: RePEc:inm:ormnsc:v:52:y:2006:i:11:p:1703-1720
    Contact details of provider: Postal:
    7240 Parkway Drive, Suite 300, Hanover, MD 21076 USA

    Phone: +1-443-757-3500
    Fax: 443-757-3515
    Web page: http://www.informs.org/
    Email:


    More information through EDIRC

    References listed on IDEAS
    Please report citation or reference errors to , or , if you are the registered author of the cited work, log in to your RePEc Author Service profile, click on "citations" and make appropriate adjustments.:

    as
    in new window


    1. Francis, Peter J., 1997. "Dynamic epidemiology and the market for vaccinations," Journal of Public Economics, Elsevier, vol. 63(3), pages 383-406, February.
    2. Goldman Steven Marc & Lightwood James, 2002. "Cost Optimization in the SIS Model of Infectious Disease with Treatment," The B.E. Journal of Economic Analysis & Policy, De Gruyter, vol. 2(1), pages 1-24, April.
    3. Mark Gersovitz & Jeffrey S. Hammer, 2004. "The Economical Control of Infectious Diseases," Economic Journal, Royal Economic Society, vol. 114(492), pages 1-27, January.
    4. Gersovitz, Mark & Hammer, Jeffrey S., 2005. "Tax/subsidy policies toward vector-borne infectious diseases," Journal of Public Economics, Elsevier, vol. 89(4), pages 647-674, April.
    5. Geoffard, Pierre-Yves & Philipson, Tomas, 1996. "Rational Epidemics and Their Public Control," International Economic Review, Department of Economics, University of Pennsylvania and Osaka University Institute of Social and Economic Research Association, vol. 37(3), pages 603-624, August.
    6. Michael Kremer, 1996. "Integrating Behavioral Choice into Epidemiological Models of AIDS," The Quarterly Journal of Economics, Oxford University Press, vol. 111(2), pages 549-573.
    7. Howard Kunreuther & Geoffrey Heal, 2002. "Interdependent Security: The Case of Identical Agents," NBER Working Papers 8871, National Bureau of Economic Research, Inc.
    8. Michael Kremer, 1996. "Integrating Behavioral Choice into Epidemiological Models of the AIDS Epidemic," NBER Working Papers 5428, National Bureau of Economic Research, Inc.
    9. Kessing, Sebastian G. & Nuscheler, Robert, 2006. "Monopoly pricing with negative network effects: The case of vaccines," European Economic Review, Elsevier, vol. 50(4), pages 1061-1069, May.
    10. Brito, Dagobert L. & Sheshinski, Eytan & Intriligator, Michael D., 1991. "Externalities and compulsary vaccinations," Journal of Public Economics, Elsevier, vol. 45(1), pages 69-90, June.
    Full references (including those not matched with items on IDEAS)

    This item is not listed on Wikipedia, on a reading list or among the top items on IDEAS.

    When requesting a correction, please mention this item's handle: RePEc:inm:ormnsc:v:52:y:2006:i:11:p:1703-1720. See general information about how to correct material in RePEc.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (Mirko Janc)

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If references are entirely missing, you can add them using this form.

    If the full references list an item that is present in RePEc, but the system did not link to it, you can help with this form.

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your profile, as there may be some citations waiting for confirmation.

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    This information is provided to you by IDEAS at the Research Division of the Federal Reserve Bank of St. Louis using RePEc data.