An economic analysis of the software market with a risk-sharing contract

Byung Cho Kim; Pei-yu Chen; Tridas Mukhopadhyay

An economic analysis of the software market with a risk-sharing contract

Byung Cho Kim, Pei-yu Chen, Tridas Mukhopadhyay

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Low quality of software has been blamed for poor security of our computer networks as major viruses and worms exploit the vulnerabilities of such software. However, software vendors have no incentive to improve the quality of their products since they are not directly liable for any loss due to poor quality. Software liability has been intensely discussed among computer scientists and jurists for years as a possible solution for software quality improvement. This paper proposes a risk-sharing mechanism between software vendors and customers as a market-driven method to impose software liability. We consider two dimensions of software quality: functionality and security quality. We present an economic model of the software market with a risk-sharing mechanism, which takes into account the strategic interplay of risk-sharing and security quality of the software given a certain level of functionality. We then apply this model in different scenarios, and examine the implications of the risk-sharing mechanism in the context of cyber security. Our model provides evidence of under-provided security quality of software in the monopoly case, as has been observed in the market. We consider the feasibility and effectiveness of the risk-sharing mechanism under various scenarios, and find the conditions under which the proposed mechanism is promising.

Original language	English (US)
Title of host publication	Association for Information Systems - 26th International Conference on Information Systems, ICIS 2005: Forever New Frontiers
Pages	361-366
Number of pages	6
State	Published - 2005
Externally published	Yes
Event	26th International Conference on Information Systems, ICIS 2005 - Las Vegas, NV, United States Duration: Dec 11 2005 → Dec 14 2005

Other

Other	26th International Conference on Information Systems, ICIS 2005
Country/Territory	United States
City	Las Vegas, NV
Period	12/11/05 → 12/14/05

Keywords

Cyber security
Risk-sharing
Software quality

ASJC Scopus subject areas

Computer Science Applications
Statistics, Probability and Uncertainty
Applied Mathematics
Library and Information Sciences

Cite this

@inproceedings{b553bc6cdf3f464a9de6c83e4ff57188,

title = "An economic analysis of the software market with a risk-sharing contract",

abstract = "Low quality of software has been blamed for poor security of our computer networks as major viruses and worms exploit the vulnerabilities of such software. However, software vendors have no incentive to improve the quality of their products since they are not directly liable for any loss due to poor quality. Software liability has been intensely discussed among computer scientists and jurists for years as a possible solution for software quality improvement. This paper proposes a risk-sharing mechanism between software vendors and customers as a market-driven method to impose software liability. We consider two dimensions of software quality: functionality and security quality. We present an economic model of the software market with a risk-sharing mechanism, which takes into account the strategic interplay of risk-sharing and security quality of the software given a certain level of functionality. We then apply this model in different scenarios, and examine the implications of the risk-sharing mechanism in the context of cyber security. Our model provides evidence of under-provided security quality of software in the monopoly case, as has been observed in the market. We consider the feasibility and effectiveness of the risk-sharing mechanism under various scenarios, and find the conditions under which the proposed mechanism is promising.",

keywords = "Cyber security, Risk-sharing, Software quality",

author = "Kim, {Byung Cho} and Pei-yu Chen and Tridas Mukhopadhyay",

year = "2005",

language = "English (US)",

pages = "361--366",

booktitle = "Association for Information Systems - 26th International Conference on Information Systems, ICIS 2005: Forever New Frontiers",

note = "26th International Conference on Information Systems, ICIS 2005 ; Conference date: 11-12-2005 Through 14-12-2005",

}

TY - GEN

T1 - An economic analysis of the software market with a risk-sharing contract

AU - Kim, Byung Cho

AU - Chen, Pei-yu

AU - Mukhopadhyay, Tridas

PY - 2005

Y1 - 2005

N2 - Low quality of software has been blamed for poor security of our computer networks as major viruses and worms exploit the vulnerabilities of such software. However, software vendors have no incentive to improve the quality of their products since they are not directly liable for any loss due to poor quality. Software liability has been intensely discussed among computer scientists and jurists for years as a possible solution for software quality improvement. This paper proposes a risk-sharing mechanism between software vendors and customers as a market-driven method to impose software liability. We consider two dimensions of software quality: functionality and security quality. We present an economic model of the software market with a risk-sharing mechanism, which takes into account the strategic interplay of risk-sharing and security quality of the software given a certain level of functionality. We then apply this model in different scenarios, and examine the implications of the risk-sharing mechanism in the context of cyber security. Our model provides evidence of under-provided security quality of software in the monopoly case, as has been observed in the market. We consider the feasibility and effectiveness of the risk-sharing mechanism under various scenarios, and find the conditions under which the proposed mechanism is promising.

AB - Low quality of software has been blamed for poor security of our computer networks as major viruses and worms exploit the vulnerabilities of such software. However, software vendors have no incentive to improve the quality of their products since they are not directly liable for any loss due to poor quality. Software liability has been intensely discussed among computer scientists and jurists for years as a possible solution for software quality improvement. This paper proposes a risk-sharing mechanism between software vendors and customers as a market-driven method to impose software liability. We consider two dimensions of software quality: functionality and security quality. We present an economic model of the software market with a risk-sharing mechanism, which takes into account the strategic interplay of risk-sharing and security quality of the software given a certain level of functionality. We then apply this model in different scenarios, and examine the implications of the risk-sharing mechanism in the context of cyber security. Our model provides evidence of under-provided security quality of software in the monopoly case, as has been observed in the market. We consider the feasibility and effectiveness of the risk-sharing mechanism under various scenarios, and find the conditions under which the proposed mechanism is promising.

KW - Cyber security

KW - Risk-sharing

KW - Software quality

UR - http://www.scopus.com/inward/record.url?scp=84869826607&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84869826607&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84869826607

SP - 361

EP - 366

BT - Association for Information Systems - 26th International Conference on Information Systems, ICIS 2005: Forever New Frontiers

T2 - 26th International Conference on Information Systems, ICIS 2005

Y2 - 11 December 2005 through 14 December 2005

ER -

An economic analysis of the software market with a risk-sharing contract

Abstract

Other

Keywords

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this