论文信息 - Interdependence of Reliability and Security

Interdependence of Reliability and Security

This paper studies manufacturer incentives to invest in the improvement of reliability and security of a software system when (i) reliability and security failures are caused by the same errors in the development of the software components and (ii) naive users find it too costly to distinguish between these two classes of system failures. We trace the effects of these informational imperfections and discuss how the resulting supply and demand externalities affect manufacturer investments. When users cannot distinguish between reliability and security failures and investment in system security is driven by the weakest link, the standard for optimal due care then depends on manufacturer characteristics with respect to both security and reliability. In this case, imposition of a due care standard based solely on reliability or on security becomes socially suboptimal. JEL Codes: D82, L14, D40.

Peter Honeyman | Galina Schwartz | Ari Can Assche

[1] Jean Tirole,et al. Incomplete contracts: Where do we stand? , 1999 .

[2] Hal R. Varian,et al. System Reliability and Free Riding , 2004, Economics of Information Security.

[3] Ross J. Anderson,et al. Security in open versus closed systems - the dance of Boltzmann , 2002 .

[4] Ross J. Anderson,et al. The Economics of Information Security : A Survey and Open Questions , 2006 .

[5] H. Kunreuther,et al. Interdependent Security , 2003 .

[6] Michael D. Smith,et al. Computer security strength and risk: a quantitative approach , 2004 .

[7] Daniel Galin,et al. Software Quality Assurance: From Theory to Implementation , 2003 .

[8] Michael M. May,et al. How much is enough? A risk management approach to computer security , 2000 .

[9] Ross J. Anderson. Why information security is hard - an economic perspective , 2001, Seventeenth Annual Computer Security Applications Conference.

[10] Ross J. Anderson,et al. Murphy’s law, the fitness of evolving species, and the limits of software reliability , 1999 .