Network security: Vulnerabilities and disclosure policy

Jay Pil Choi, Chaim Fershtman, Neil Gandal

Research output: Contribution to journal › Article › peer-review

15 Citations (Scopus)

Abstract

Software security is a major concern for vendors, consumers and regulators. When vulnerabilities are discovered after the software has been sold to consumers, the firms face a dilemma. A policy of disclosing vulnerabilities and issuing updates protects only consumers who install updates, while the disclosure itself facilitates reverse engineering of the vulnerability by hackers. The paper considers a firm that sells software which is subject to potential security breaches and derives the conditions under which a firm would disclose vulnerabilities. It examines the effect of a regulatory policy that requires mandatory disclosure of vulnerabilities and a 'bug bounty' program.

Original language: English
Pages (from-to): 868-894
Number of pages: 27
Journal: Journal of Industrial Economics
Volume: 58
Issue number: 4
Publication status: Published - 2010 Dec

All Science Journal Classification (ASJC) codes

  • Accounting
  • Business, Management and Accounting (all)
  • Economics and Econometrics
