NETWORK SECURITY: VULNERABILITIES AND DISCLOSURE POLICY

Warning: is_dir(): open_basedir restriction in effect. File(/libraries) is not within the allowed path(s): (/home/web1050:/usr/share/php) in libraries_get_libraries() (line 176 of /home/web1050/public_html/sites/all/modules/contrib/libraries/libraries.module).

http://onlinelibrary.wiley.com/doi/10.1111/joie.2010.58.issue-4/issuetoc

Authors:

JAY PIL CHOI

CHAIM FERSHTMAN and NEIL GANDAL

Software security is a major concern for vendors, consumers and regulators. When vulnerabilities are discovered after the software has been sold to consumers, the firms face a dilemma. A policy of disclosing vulnerabilities and issuing updates protects only consumers who install updates, while the disclosure itself facilitates reverse engineering of the vulnerability by hackers. The paper considers a firm that sells software which is subject to potential security breaches and derives the conditions under which a firm would disclose vulnerabilities. It examines the effect of a regulatory policy that requires mandatory disclosure of vulnerabilities and a ‘bug bounty’ program.

Pages:

868-894

Date:

12/24/2010

previous next

View all

NETWORK SECURITY: VULNERABILITIES AND DISCLOSURE POLICY

Bertrand Competition with an Asymmetric No-discrimination Constraint

A Structural Approach to Market Definition with an Application to the Hospital Industry

Corporate Leniency Programs when Firms have Private Information: The Push of Prosecution and the Pull of Pre-emption

Published with