Market Segmentation and Software Security: Pricing Patching Rights

The patching approach to security in the software industry has been less effective than desired. One critical issue with the status quo is that the endowment of “patching rights” (the ability for a...
