Abstract
Inadequate software security is blamed for poor network security when viruses and worms cause major disruptions. However, software vendors have little incentive to improve the security quality of their products because they are not directly liable for losses incurred due to poor security. The concept of software liability has been intensely discussed by computer scientists and jurists for years as a possible solution for improving software security. This paper examines a risk-sharing mechanism between a software vendor and its customers as a way to implement software liability. It considers both the software vendor's incentive to share risks with customers and the question of whether risk-sharing leads to better software security. The model provides evidence of underprovided security quality under monopoly with complete information, as has been observed in the market. The policy implications of the risk-sharing mechanism and the possible impact of competition on software vendors' incentive for risk-sharing are examined. Information asymmetry is found to be a key factor in voluntary risk-sharing under monopoly; the risk-sharing level can be a signal of unobservable security quality.
| Original language | English (US) |
|---|---|
| Pages (from-to) | 7-40 |
| Number of pages | 34 |
| Journal | International Journal of Electronic Commerce |
| Volume | 14 |
| Issue number | 2 |
| DOIs | |
| State | Published - Dec 1 2009 |
| Externally published | Yes |
Keywords
- Economics of IS
- Information asymmetry
- Security policies
- Software liability
- Software security
ASJC Scopus subject areas
- Business and International Management
- Economics and Econometrics