
Market Segmentation and Software Security: Pricing Patching Rights

Authors

  • Terrence August

    (Rady School of Management, University of California, San Diego, La Jolla, California 92093-0553; Korea University Business School, Seongbok-gu, Seoul 136-701, Korea; Haskayne School of Business, University of Calgary, Calgary, Alberta T2N 1N4, Canada)

  • Duy Dao

    (Rady School of Management, University of California, San Diego, La Jolla, California 92093-0553)

  • Kihoon Kim

    (Korea University Business School, Seongbok-gu, Seoul 136-701, Korea; Haskayne School of Business, University of Calgary, Calgary, Alberta T2N 1N4, Canada)

Abstract

The patching approach to security in the software industry has been less effective than desired. One critical issue with the status quo is that the endowment of “patching rights” (the ability for a user to choose whether security updates are applied) lacks the incentive structure to induce better security-related decisions. However, producers can differentiate their products based on the provision of patching rights. By characterizing the price for these rights, the optimal discount provided to those who relinquish rights and have their systems automatically updated in a timely manner, and the consumption and protection strategies taken by users in equilibrium as they strategically interact because of the security externality associated with product vulnerabilities, it is shown that the optimal pricing of these rights can segment the market in a manner that leads to both greater security and greater profitability. This policy greatly reduces unpatched populations and has a relative hike in profitability that is increasing in the extent to which patches are bundled together. Social welfare may decrease when automated patching costs are small because strategic pricing contracts usage in the market and also incentivizes loss-inefficient choices. However, welfare benefits when the policy either (1) greatly expands automatic updating in cases in which it is minimally observed or (2) significantly reduces the patching process burden of those who most value the software.

Suggested Citation

  • Terrence August & Duy Dao & Kihoon Kim, 2019. "Market Segmentation and Software Security: Pricing Patching Rights," Management Science, INFORMS, vol. 65(10), pages 4575-4597, October.
  • Handle: RePEc:inm:ormnsc:v:65:y:2019:i:10:p:4575-4597
    DOI: 10.1287/mnsc.2018.3153

    Download full text from publisher

    File URL: https://doi.org/10.1287/mnsc.2018.3153
    Download Restriction: no


    Citations


    Cited by:

    1. Bo Li & Subodha Kumar, 2022. "Managing Software‐as‐a‐Service: Pricing and operations," Production and Operations Management, Production and Operations Management Society, vol. 31(6), pages 2588-2608, June.
    2. Bienz, Carsten & Juranek, Steffen, 2020. "Software vulnerabilities and bug bounty programs," Discussion Papers 2020/4, Norwegian School of Economics, Department of Business and Management Science.
    3. Nie, Jiajia & Zhong, Ling & Li, Gendao & Cao, Kuo, 2022. "Piracy as an entry deterrence strategy in software market," European Journal of Operational Research, Elsevier, vol. 298(2), pages 560-572.
    4. Terrence August & Duy Dao & Marius Florin Niculescu, 2022. "Economics of Ransomware: Risk Interdependence and Large-Scale Attacks," Management Science, INFORMS, vol. 68(12), pages 8979-9002, December.
    5. Debabrata Dey & Abhijeet Ghoshal & Atanu Lahiri, 2021. "Support Forums and Software Vendor’s Pricing Strategy," Information Systems Research, INFORMS, vol. 32(2), pages 653-669, June.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Terrence August & Marius Florin Niculescu & Hyoduk Shin, 2014. "Cloud Implications on Software Network Structure and Security Risks," Information Systems Research, INFORMS, vol. 25(3), pages 489-510, September.
    2. Terrence August & Tunay I. Tunca, 2011. "Who Should Be Responsible for Software Security? A Comparative Analysis of Liability Policies in Network Environments," Management Science, INFORMS, vol. 57(5), pages 934-959, May.
    3. Terrence August & Hyoduk Shin & Tunay I. Tunca, 2013. "Licensing and Competition for Services in Open Source Software," Information Systems Research, INFORMS, vol. 24(4), pages 1068-1086, December.
    4. Hemant K. Bhargava, 2013. "Mixed Bundling of Two Independently Valued Goods," Management Science, INFORMS, vol. 59(9), pages 2170-2185, September.
    5. Steven M. Shugan & Jihwan Moon & Qiaoni Shi & Nanda S. Kumar, 2017. "Product Line Bundling: Why Airlines Bundle High-End While Hotels Bundle Low-End," Marketing Science, INFORMS, vol. 36(1), pages 124-139, January.
    6. Ritwik Raj & Mark H. Karwan & Chase Murray & Lei Sun, 2022. "Itemized pricing in B2B bundles with diminishing reservation prices and loss averse customers," Journal of Revenue and Pricing Management, Palgrave Macmillan, vol. 21(4), pages 375-392, August.
    7. Stole, Lars A., 2007. "Price Discrimination and Competition," Handbook of Industrial Organization, in: Mark Armstrong & Robert Porter (ed.), Handbook of Industrial Organization, edition 1, volume 3, chapter 34, pages 2221-2299, Elsevier.
    8. Liu Weihua & Yu Hui, 2017. "Pure Components VS Full Mixed Bundling When Stackelberg Pricing," Journal of Systems Science and Information, De Gruyter, vol. 5(5), pages 435-445, October.
    9. Ashutosh Prasad & R. Venkatesh & Vijay Mahajan, 2017. "Temporal product bundling with myopic and strategic consumers: Manifestations and relative effectiveness," Quantitative Marketing and Economics (QME), Springer, vol. 15(4), pages 341-368, December.
    10. Terrence August & Duy Dao & Hyoduk Shin, 2015. "Optimal Timing of Sequential Distribution: The Impact of Congestion Externalities and Day-and-Date Strategies," Marketing Science, INFORMS, vol. 34(5), pages 755-774, September.
    11. Girju, Marina & Prasad, Ashutosh & Ratchford, Brian T., 2013. "Pure Components versus Pure Bundling in a Marketing Channel," Journal of Retailing, Elsevier, vol. 89(4), pages 423-437.
    12. Vithala R. Rao & Gary J. Russell & Hemant Bhargava & Alan Cooke & Tim Derdenger & Hwang Kim & Nanda Kumar & Irwin Levin & Yu Ma & Nitin Mehta & John Pracejus & R. Venkatesh, 2018. "Emerging Trends in Product Bundling: Investigating Consumer Choice and Firm Behavior," Customer Needs and Solutions, Springer;Institute for Sustainable Innovation and Growth (iSIG), vol. 5(1), pages 107-120, March.
    13. Zan Zhang & Guofang Nan & Yong Tan, 2020. "Cloud Services vs. On-Premises Software: Competition Under Security Risk and Product Customization," Information Systems Research, INFORMS, vol. 31(3), pages 848-864, September.
    14. Takanori Adachi & Takeshi Ebina & Makoto Hanazono, 2017. "Endogenous Product Boundary," Manchester School, University of Manchester, vol. 85(1), pages 13-40, January.
    15. Masoud Talebian & Zhaolin Li & Qiang Lu, 2020. "Pricing and inventory management for mixed bundled products with stochastic demand," Journal of Revenue and Pricing Management, Palgrave Macmillan, vol. 19(6), pages 401-410, December.
    16. Prasad, Ashutosh & Venkatesh, R. & Mahajan, Vijay, 2015. "Product bundling or reserved product pricing? Price discrimination with myopic and strategic consumers," International Journal of Research in Marketing, Elsevier, vol. 32(1), pages 1-8.
    17. Mark Armstrong, 2016. "Nonlinear Pricing," Annual Review of Economics, Annual Reviews, vol. 8(1), pages 583-614, October.
    18. Terrence August & Duy Dao & Marius Florin Niculescu, 2022. "Economics of Ransomware: Risk Interdependence and Large-Scale Attacks," Management Science, INFORMS, vol. 68(12), pages 8979-9002, December.
    19. Hemant K. Bhargava, 2012. "Retailer-Driven Product Bundling in a Distribution Channel," Marketing Science, INFORMS, vol. 31(6), pages 1014-1021, November.
    20. Carmen D. Álvarez-Albelo, 2020. "The role of complementarity of goods in a mixed bundling strategy," Economics and Business Letters, Oviedo University Press, vol. 9(1), pages 31-40.
