Network Software Security and User Incentives
We study the effect of user incentives on software security in a network of individual users under costly patching and negative network security externalities. For proprietary software or freeware, we compare four alternative policies to manage network security: (i) consumer self-patching (where no external incentives are provided for patching or purchasing); (ii) mandatory patching; (iii) patching rebate; and (iv) usage tax. We show that for proprietary software, when the software security risk and the patching costs are high, for both a welfare-maximizing social planner and a profit-maximizing vendor, a patching rebate dominates the other policies. However, when the patching cost or the security risk is low, self-patching is best. We also show that when a rebate is effective, the profit-maximizing rebate is decreasing in the security risk and increasing in patching costs. The welfare-maximizing rebates are also increasing in patching costs, but can be increasing in the effective security risk when patching costs are high. For freeware, a usage tax is the most effective policy except when both patching costs, and security risk are low, in which case a patching rebate prevails. Optimal patching rebates and taxes tend to increase with increased security risk and patching costs, but can decrease in the security risk for high-risk levels. Our results suggest that both the value generated from software and vendor profits can be significantly improved by mechanisms that target user incentives to maintain software security.
Volume (Year): 52 (2006)
Issue (Month): 11 (November)
|Contact details of provider:|| Postal: 7240 Parkway Drive, Suite 300, Hanover, MD 21076 USA|
Web page: http://www.informs.org/
More information through EDIRC
References listed on IDEAS
Please report citation or reference errors to , or , if you are the registered author of the cited work, log in to your RePEc Author Service profile, click on "citations" and make appropriate adjustments.:
- Francis, Peter J., 1997. "Dynamic epidemiology and the market for vaccinations," Journal of Public Economics, Elsevier, vol. 63(3), pages 383-406, February.
- Goldman Steven Marc & Lightwood James, 2002.
"Cost Optimization in the SIS Model of Infectious Disease with Treatment,"
The B.E. Journal of Economic Analysis & Policy,
De Gruyter, vol. 2(1), pages 1-24, April.
- Goldman, Steven M. & Lightwood, James, 1996. "Cost Optimization in the SIS Model of Infectious Disease with Treatment," Department of Economics, Working Paper Series qt0r88q87t, Department of Economics, Institute for Business and Economic Research, UC Berkeley.
- Steven M. Goldman and James Lightwood., 1996. "Cost Optimization in the SIS Model of Infectious Disease with Treatment," Economics Working Papers 96-245, University of California at Berkeley.
- Mark Gersovitz & Jeffrey S. Hammer, 2004.
"The Economical Control of Infectious Diseases,"
Royal Economic Society, vol. 114(492), pages 1-27, January.
- Gersovitz, Mark & Hammer, Jeffrey S., 2001. "The economic control of infectious diseases," Policy Research Working Paper Series 2607, The World Bank.
- Gersovitz, Mark & Hammer, Jeffrey S., 2005. "Tax/subsidy policies toward vector-borne infectious diseases," Journal of Public Economics, Elsevier, vol. 89(4), pages 647-674, April.
- Geoffard, Pierre-Yves & Philipson, Tomas, 1996. "Rational Epidemics and Their Public Control," International Economic Review, Department of Economics, University of Pennsylvania and Osaka University Institute of Social and Economic Research Association, vol. 37(3), pages 603-624, August.
- Geoffard, P.Y. & Philipson, T., 1995. "Rational Epidemics and their Public Control," DELTA Working Papers 95-15, DELTA (Ecole normale supérieure).
- Michael Kremer, 1996. "Integrating Behavioral Choice into Epidemiological Models of AIDS," The Quarterly Journal of Economics, Oxford University Press, vol. 111(2), pages 549-573.
- Howard Kunreuther & Geoffrey Heal, 2002. "Interdependent Security: The Case of Identical Agents," NBER Working Papers 8871, National Bureau of Economic Research, Inc.
- Michael Kremer, 1996. "Integrating Behavioral Choice into Epidemiological Models of the AIDS Epidemic," NBER Working Papers 5428, National Bureau of Economic Research, Inc.
- Kessing, Sebastian G. & Nuscheler, Robert, 2006. "Monopoly pricing with negative network effects: The case of vaccines," European Economic Review, Elsevier, vol. 50(4), pages 1061-1069, May.
- Kessing, Sebastian & Nuscheler, Robert, 2003.
"Monopoly pricing with negative network effects: the case of vaccines
[Monopolpreisbildung mit negativen Netzwerkeffekten am Beispiel von Impfstoffen]," Discussion Papers, Research Unit: Market Processes and Governance SP II 2003-06, Social Science Research Center Berlin (WZB).
- Brito, Dagobert L. & Sheshinski, Eytan & Intriligator, Michael D., 1991. "Externalities and compulsary vaccinations," Journal of Public Economics, Elsevier, vol. 45(1), pages 69-90, June. Full references (including those not matched with items on IDEAS)
When requesting a correction, please mention this item's handle: RePEc:inm:ormnsc:v:52:y:2006:i:11:p:1703-1720. See general information about how to correct material in RePEc.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (Mirko Janc)
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
If references are entirely missing, you can add them using this form.
If the full references list an item that is present in RePEc, but the system did not link to it, you can help with this form.
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your profile, as there may be some citations waiting for confirmation.
Please note that corrections may take a couple of weeks to filter through the various RePEc services.