IDEAS home Printed from https://ideas.repec.org/a/eee/iepoli/v22y2010i2p164-177.html
   My bibliography  Save this article

Competition and patching of security vulnerabilities: An empirical analysis

Author

Listed:
  • Arora, Ashish
  • Forman, Chris
  • Nandkumar, Anand
  • Telang, Rahul

Abstract

We empirically estimate the effect of competition on vendor patching of software defects by exploiting variation in number of vendors that share a common flaw or common vulnerabilities. We distinguish between two effects: the direct competition effect when vendors in the same market share a vulnerability, and the indirect effect, which operates through non-rivals that operate in different markets but nonetheless share the same vulnerability. Using time to patch as our measure of quality, we find empirical support for both direct and indirect effects of competition. Our results show that ex-post product quality in software markets is not only conditioned by rivals that operate in the same product market, but by also non-rivals that share the same common flaw.

Suggested Citation

  • Arora, Ashish & Forman, Chris & Nandkumar, Anand & Telang, Rahul, 2010. "Competition and patching of security vulnerabilities: An empirical analysis," Information Economics and Policy, Elsevier, vol. 22(2), pages 164-177, May.
    • Handle: RePEc:eee:iepoli:v:22:y:2010:i:2:p:164-177
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0167-6245(09)00065-1
    Download Restriction: Full text for ScienceDirect subscribers only
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Ashish Arora & Jonathan P. Caulkins & Rahul Telang, 2006. "Research Note--Sell First, Fix Later: Impact of Patching on Software Quality," Management Science, INFORMS, vol. 52(3), pages 465-471, March.
    2. Borenstein, Severin & Netz, Janet, 1999. "Why do all the flights leave at 8 am?: Competition and departure-time differentiation in airline markets," International Journal of Industrial Organization, Elsevier, vol. 17(5), pages 611-640, July.
    3. Timothy F. Bresnahan & Shane Greenstein, 1999. "Technological Competition and the Structure of the Computer Industry," Journal of Industrial Economics, Wiley Blackwell, vol. 47(1), pages 1-40, March.
    4. Caroline M. Hoxby, 2000. "Does Competition among Public Schools Benefit Students and Taxpayers?," American Economic Review, American Economic Association, vol. 90(5), pages 1209-1238, December.
    5. Nizovtsev, Dmitri & Thursby, Marie, 2007. "To disclose or not? An analysis of software user behavior," Information Economics and Policy, Elsevier, vol. 19(1), pages 43-64, March.
    6. Ashish Arora & Rahul Telang & Hao Xu, 2008. "Optimal Policy for Software Vulnerability Disclosure," Management Science, INFORMS, vol. 54(4), pages 642-656, April.
    7. Dranove, David & White, William D, 1994. "Recent Theory and Evidence on Competition in Hospital Markets," Journal of Economics & Management Strategy, Wiley Blackwell, vol. 3(1), pages 169-209, Spring.
    8. Amalia R. Miller & Catherine Tucker, 2009. "Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records," Management Science, INFORMS, vol. 55(7), pages 1077-1093, July.
    9. Domberger, Simon & Sherr, Avrom, 1989. "The impact of competition on pricing and quality of legal services," International Review of Law and Economics, Elsevier, vol. 9(1), pages 41-56, June.
    10. Rajiv D. Banker & Gordon B. Davis & Sandra A. Slaughter, 1998. "Software Development Practices, Software Complexity, and Software Maintenance Performance: A Field Study," Management Science, INFORMS, vol. 44(4), pages 433-450, April.
    11. David Levhari & Yoram Peles, 1973. "Market Structure, Quality and Durability," Bell Journal of Economics, The RAND Corporation, vol. 4(1), pages 235-248, Spring.
    12. Forman, Chris & Goldfarb, Avi & Greenstein, Shane, 2005. "How did location affect adoption of the commercial Internet? Global village vs. urban leadership," Journal of Urban Economics, Elsevier, vol. 58(3), pages 389-420, November.
    13. Andrew M. Cohen & Michael Mazzeo, 2004. "Competition, product differentiation and quality provision: an empirical equilibrium analysis of bank branching decisions," Finance and Economics Discussion Series 2004-46, Board of Governors of the Federal Reserve System (U.S.).
    14. Donald E. Harter & Mayuram S. Krishnan & Sandra A. Slaughter, 2000. "Effects of Process Maturity on Quality, Cycle Time, and Effort in Software Product Development," Management Science, INFORMS, vol. 46(4), pages 451-466, April.
    15. Fershtman, Chaim & Gandal, Neil & Choi, Jay Pil, 2005. "Internet Security, Vulnerability Disclosure and Software Provision," CEPR Discussion Papers 5269, C.E.P.R. Discussion Papers.
    16. Esther Gal-Or, 1983. "Quality and Quantity Competition," Bell Journal of Economics, The RAND Corporation, vol. 14(2), pages 590-600, Autumn.
    17. Michael Mazzeo, 2003. "Competition and Service Quality in the U.S. Airline Industry," Review of Industrial Organization, Springer;The Industrial Organization Society, vol. 22(4), pages 275-296, June.
    18. Karthik Kannan & Rahul Telang, 2005. "Market for Software Vulnerabilities? Think Again," Management Science, INFORMS, vol. 51(5), pages 726-740, May.
    19. Schmalensee, Richard, 1979. "Market Structure, Durability, and Quality: A Selective Survey," Economic Inquiry, Western Economic Association International, vol. 17(2), pages 177-196, April.
    20. repec:bla:jemstr:v:3:y:1994:i:1:p:169-209:a is not listed on IDEAS
    21. Pu Li & H. Raghav Rao, 2007. "An examination of private intermediaries’ roles in software vulnerabilities disclosure," Information Systems Frontiers, Springer, vol. 9(5), pages 531-539, November.
    22. A. Michael Spence, 1975. "Monopoly, Quality, and Regulation," Bell Journal of Economics, The RAND Corporation, vol. 6(2), pages 417-429, Autumn.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Brekke, Kurt R. & Siciliani, Luigi & Straume, Odd Rune, 2010. "Price and quality in spatial competition," Regional Science and Urban Economics, Elsevier, vol. 40(6), pages 471-480, November.
    2. Esther Gal-Or & Muhammad Zia Hydari & Rahul Telang, 2024. "Merchants of Vulnerabilities: How Bug Bounty Programs Benefit Software Vendors," Papers 2404.17497, arXiv.org.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Ashish Arora & Ramayya Krishnan & Rahul Telang & Yubao Yang, 2010. "An Empirical Analysis of Software Vendors' Patch Release Behavior: Impact of Vulnerability Disclosure," Information Systems Research, INFORMS, vol. 21(1), pages 115-132, March.
    2. Brekke, Kurt R. & Siciliani, Luigi & Straume, Odd Rune, 2010. "Price and quality in spatial competition," Regional Science and Urban Economics, Elsevier, vol. 40(6), pages 471-480, November.
    3. Greenfield, Daniel, 2014. "Competition and service quality: New evidence from the airline industry," Economics of Transportation, Elsevier, vol. 3(1), pages 80-89.
    4. Jeffrey T. Prince & Daniel H. Simon, 2015. "Do Incumbents Improve Service Quality in Response to Entry? Evidence from Airlines' On-Time Performance," Management Science, INFORMS, vol. 61(2), pages 372-390, February.
    5. A. Yeşim Orhun & Sriram Venkataraman & Pradeep K. Chintagunta, 2016. "Impact of Competition on Product Decisions: Movie Choices of Exhibitors," Marketing Science, INFORMS, vol. 35(1), pages 73-92, January.
    6. Michael Mazzeo, 2003. "Competition and Service Quality in the U.S. Airline Industry," Review of Industrial Organization, Springer;The Industrial Organization Society, vol. 22(4), pages 275-296, June.
    7. Cellini, Roberto & Siciliani, Luigi & Straume, Odd Rune, 2018. "A dynamic model of quality competition with endogenous prices," Journal of Economic Dynamics and Control, Elsevier, vol. 94(C), pages 190-206.
    8. Brueckner, Jan K. & Flores-Fillol, Ricardo, 2020. "Market structure and quality determination for complementary products: Alliances and service quality in the airline industry," International Journal of Industrial Organization, Elsevier, vol. 68(C).
    9. Forbes, Silke J., 2008. "The effect of air traffic delays on airline prices," International Journal of Industrial Organization, Elsevier, vol. 26(5), pages 1218-1232, September.
    10. Simon, Daniel H. & Gomez, Miguel I., 2005. "The Competitive Causes and Consequences of Customer Satisfaction," 2005 Annual meeting, July 24-27, Providence, RI 19371, American Agricultural Economics Association (New Name 2008: Agricultural and Applied Economics Association).
    11. Gil, Ricard & Kim, Myongjin, 2021. "Does competition increase quality? Evidence from the US airline industry," International Journal of Industrial Organization, Elsevier, vol. 77(C).
    12. Mumuni, Alhassan G. & Luqmani, Mushtaq & Quraeshi, Zahir A., 2017. "Telecom market liberalization and service performance outcomes of an incumbent monopoly," International Business Review, Elsevier, vol. 26(2), pages 214-224.
    13. Ravi Sen & Joobin Choobineh & Subodha Kumar, 2020. "Determinants of Software Vulnerability Disclosure Timing," Production and Operations Management, Production and Operations Management Society, vol. 29(11), pages 2532-2552, November.
    14. Sibly, Hugh, 2007. "Loss aversion, price and quality," Journal of Behavioral and Experimental Economics (formerly The Journal of Socio-Economics), Elsevier, vol. 36(5), pages 771-788, October.
    15. Victor Manuel Bennett & Lamar Pierce & Jason A. Snyder & Michael W. Toffel, 2012. "Competition and Illicit Quality," Harvard Business School Working Papers 12-071, Harvard Business School, revised May 2012.
    16. Vinayak Deshpande & Mazhar Arıkan, 2012. "The Impact of Airline Flight Schedules on Flight Delays," Manufacturing & Service Operations Management, INFORMS, vol. 14(3), pages 423-440, July.
    17. Terrence August & Marius Florin Niculescu, 2013. "The Influence of Software Process Maturity and Customer Error Reporting on Software Release and Pricing," Management Science, INFORMS, vol. 59(12), pages 2702-2726, December.
    18. Ashish Arora & Rahul Telang & Hao Xu, 2008. "Optimal Policy for Software Vulnerability Disclosure," Management Science, INFORMS, vol. 54(4), pages 642-656, April.
    19. Crespi John M. & Marette Stephan, 2009. "Quality, Sunk Costs and Competition," Review of Marketing Science, De Gruyter, vol. 7(1), pages 1-36, August.
    20. Richard Nahuis & Joëlle Noailly, 2005. "Competition and quality in the notary profession," CPB Document 94.rdf, CPB Netherlands Bureau for Economic Policy Analysis.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:iepoli:v:22:y:2010:i:2:p:164-177. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/inca/505549 .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.