
Realigning Incentives to Build Better Software: a Holistic Approach to Vendor Accountability

Author

  • Gergely Biczók
  • Sasha Romanosky
  • Mingyan Liu

Abstract

In this paper, we ask the question of why the quality of commercial software, in terms of security and safety, does not measure up to that of other (durable) consumer goods we have come to expect. We examine this question through the lens of incentives. We argue that the challenge around better quality software is due in no small part to a sequence of misaligned incentives, the most critical of which is that the harm caused by software problems is by and large shouldered by consumers, not developers. This lack of liability means software vendors have every incentive to rush low-quality software onto the market and no incentive to enhance quality control. Within this context, this paper outlines a holistic technical and policy framework we believe is needed to incentivize better and more secure software development. At the heart of the incentive realignment is the concept of software liability. This framework touches on various components, including legal, technical, and financial, that are needed for software liability to work in practice; some currently exist, some will need to be re-imagined or established. This is primarily a market-driven approach that emphasizes voluntary participation but highlights the role appropriate regulation can play. We connect and contrast this with the EU legal environment and discuss what this framework means for open-source software (OSS) development and emerging AI risks. Moreover, we present a CrowdStrike case study complete with a what-if analysis had our proposed framework been in effect. Our intention is very much to stimulate a robust conversation among both researchers and practitioners.

Suggested Citation

  • Gergely Biczók & Sasha Romanosky & Mingyan Liu, 2025. "Realigning Incentives to Build Better Software: a Holistic Approach to Vendor Accountability," Papers 2504.07766, arXiv.org.
  • Handle: RePEc:arx:papers:2504.07766

    Download full text from publisher

    File URL: http://arxiv.org/pdf/2504.07766
    File Function: Latest version
    Download Restriction: no