IDEAS home Printed from https://ideas.repec.org/a/inm/orisre/v19y2008i1p48-70.html
   My bibliography  Save this article

Let the Pirates Patch? An Economic Analysis of Software Security Patch Restrictions

Author

Listed:
  • Terrence August

    (Rady School of Management, University of California at San Diego, La Jolla, California 92093)

  • Tunay I. Tunca

    (Graduate School of Business, Stanford University, Stanford, California 94305)

Abstract

We study the question of whether a software vendor should allow users of unlicensed (pirated) copies of a software product to apply security patches. We present a joint model of network software security and software piracy and contrast two policies that a software vendor can enforce: (i) restriction of security patches only to legitimate users or (ii) provision of access to security patches to all users whether their copies are licensed or not. We find that when the software security risk is high and the piracy enforcement level is low, or when tendency for piracy in the consumer population is high, it is optimal for the vendor to restrict unlicensed users from applying security patches. When piracy tendency in the consumer population is low, applying software security patch restrictions is optimal for the vendor only when the piracy enforcement level is high. If patching costs are sufficiently low, however, an unrestricted patch release policy maximizes vendor profits. We also show that the vendor can use security patch restrictions as a substitute to investment in software security, and this effect can significantly reduce welfare. Furthermore, in certain cases, increased piracy enforcement levels can actually hurt vendor profits. We also show that governments can increase social surplus and intellectual property protection simultaneously by increasing piracy enforcement and utilizing the strategic interaction of piracy patch restrictions and network security. Finally, we demonstrate that, although unrestricted patching can maximize welfare when the piracy enforcement level is low, contrary to what one might expect, when the piracy enforcement level is high, restricting security patches only to licensed users can be socially optimal.

Suggested Citation

  • Terrence August & Tunay I. Tunca, 2008. "Let the Pirates Patch? An Economic Analysis of Software Security Patch Restrictions," Information Systems Research, INFORMS, vol. 19(1), pages 48-70, March.
    • Handle: RePEc:inm:orisre:v:19:y:2008:i:1:p:48-70
    DOI: 10.1287/isre.1070.0142
    as

    Download full text from publisher

    File URL: http://dx.doi.org/10.1287/isre.1070.0142
    Download Restriction: no
    File URL: https://libkey.io/10.1287/isre.1070.0142?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Bakos, Yannis & Brynjolfsson, Erik & Lichtman, Douglas, 1999. "Shared Information Goods," Journal of Law and Economics, University of Chicago Press, vol. 42(1), pages 117-155, April.
    2. Neil F. Holsing & Davidc. Yen, 1999. "Software Asset Management: Analysis, Development and Implementation," Information Resources Management Journal (IRMJ), IGI Global, vol. 12(3), pages 14-26, July.
    3. Joshua Slive & Dan Bernhardt, 1998. "Pirated for Profit," Canadian Journal of Economics, Canadian Economics Association, vol. 31(4), pages 886-899, November.
    4. Liebowitz, S J, 1985. "Copying and Indirect Appropriability: Photocopying of Journals," Journal of Political Economy, University of Chicago Press, vol. 93(5), pages 945-957, October.
    5. Arun Sundararajan, 2003. "Managing Digital Piracy: Pricing, Protection and Welfare," Law and Economics 0307001, University Library of Munich, Germany.
    6. Hal R. Varian, 2005. "Copying and Copyright," Journal of Economic Perspectives, American Economic Association, vol. 19(2), pages 121-138, Spring.
    7. Arun Sundararajan, 2004. "Managing Digital Piracy: Pricing and Protection," Information Systems Research, INFORMS, vol. 15(3), pages 287-308, September.
    8. Besen, Stanley M & Kirby, Sheila Nataraj, 1989. "Private Copying, Appropriability, and Optimal Copying Royalties," Journal of Law and Economics, University of Chicago Press, vol. 32(2), pages 255-280, October.
    9. M. Alvisi & E. Argentesi & E. Carbonara, 2002. "Piracy and Quality Choice in Monopolistic Markets," Working Papers 436, Dipartimento Scienze Economiche, Universita' di Bologna.
    10. Ashish Arora & Jonathan P. Caulkins & Rahul Telang, 2006. "Research Note--Sell First, Fix Later: Impact of Patching on Software Quality," Management Science, INFORMS, vol. 52(3), pages 465-471, March.
    11. Takeyama, Lisa N, 1997. "The Intertemporal Consequences of Unauthorized Reproduction of Intellectual Property," Journal of Law and Economics, University of Chicago Press, vol. 40(2), pages 511-522, October.
    12. Takeyama, Lisa N, 1994. "The Welfare Implications of Unauthorized Reproduction of Intellectual Property in the Presence of Demand Network Externalities," Journal of Industrial Economics, Wiley Blackwell, vol. 42(2), pages 155-166, June.
    13. Johnson, William R, 1985. "The Economics of Copying," Journal of Political Economy, University of Chicago Press, vol. 93(1), pages 158-174, February.
    14. Huseyin Cavusoglu & Birendra Mishra & Srinivasan Raghunathan, 2005. "The Value of Intrusion Detection Systems in Information Technology Security Architecture," Information Systems Research, INFORMS, vol. 16(1), pages 28-46, March.
    15. Kathleen Reavis Conner & Richard P. Rumelt, 1991. "Software Piracy: An Analysis of Protection Strategies," Management Science, INFORMS, vol. 37(2), pages 125-139, February.
    16. Novos, Ian E & Waldman, Michael, 1984. "The Effects of Increased Copyright Protection: An Analytic Approach," Journal of Political Economy, University of Chicago Press, vol. 92(2), pages 236-246, April.
    17. Hal R. Varian, 2000. "Buying, Sharing and Renting Information Goods," Journal of Industrial Economics, Wiley Blackwell, vol. 48(4), pages 473-488, December.
    18. Oz Shy & Jacques‐Françlois Thisse, 1999. "A Strategic Approach to Software Protection," Journal of Economics & Management Strategy, Wiley Blackwell, vol. 8(2), pages 163-190, June.
    19. Terrence August & Tunay I. Tunca, 2006. "Network Software Security and User Incentives," Management Science, INFORMS, vol. 52(11), pages 1703-1720, November.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Peitz, Martin & Waelbroeck, Patrick, 2006. "Piracy of digital products: A critical review of the theoretical literature," Information Economics and Policy, Elsevier, vol. 18(4), pages 449-476, November.
    2. Tunay I. Tunca & Qiong Wu, 2013. "Fighting Fire with Fire: Commercial Piracy and the Role of File Sharing on Copyright Protection Policy for Digital Goods," Information Systems Research, INFORMS, vol. 24(2), pages 436-453, June.
    3. Sanjay Jain, 2008. "Digital Piracy: A Competitive Analysis," Marketing Science, INFORMS, vol. 27(4), pages 610-626, 07-08.
    4. Rick Harbaugh & Rahul Khemka, 2010. "Does Copyright Enforcement Encourage Piracy?," Journal of Industrial Economics, Wiley Blackwell, vol. 58(2), pages 306-323, June.
    5. Yoon, Kiho, 2002. "The optimal level of copyright protection," Information Economics and Policy, Elsevier, vol. 14(3), pages 327-348, September.
    6. Yeh-ning Chen & Ivan Png, 2003. "Information Goods Pricing and Copyright Enforcement: Welfare Analysis," Information Systems Research, INFORMS, vol. 14(1), pages 107-123, March.
    7. T. S. Raghu & Rajiv Sinha & Ajay Vinze & Orneita Burton, 2009. "Willingness to Pay in an Open Source Software Environment," Information Systems Research, INFORMS, vol. 20(2), pages 218-236, June.
    8. Martin Peitz & Patrick Waelbroeck, 2003. "Piracy of Digital Products: A Critical Review of the Economics Literature," CESifo Working Paper Series 1071, CESifo.
    9. Liang Guo & Xiangyi Meng, 2015. "Digital Content Provision and Optimal Copyright Protection," Management Science, INFORMS, vol. 61(5), pages 1183-1196, May.
    10. Gürtler, Oliver, 2005. "On Strategic Enabling of Product Piracy in the Market for Video Games," Bonn Econ Discussion Papers 36/2005, University of Bonn, Bonn Graduate School of Economics (BGSE).
    11. Cho, Won-Young & Ahn, Byong-Hun, 2010. "Versioning of information goods under the threat of piracy," Information Economics and Policy, Elsevier, vol. 22(4), pages 332-340, December.
    12. Gürtler, Oliver, 2006. "Software Piracy in the Video Game Market," Bonn Econ Discussion Papers 20/2006, University of Bonn, Bonn Graduate School of Economics (BGSE).
    13. Stan J. Liebowitz & Richard Watt, 2006. "How To Best Ensure Remuneration For Creators In The Market For Music? Copyright And Its Alternatives," Journal of Economic Surveys, Wiley Blackwell, vol. 20(4), pages 513-545, September.
    14. Kinokuni, Hiroshi, 2005. "Compensation for copying and bargaining," Information Economics and Policy, Elsevier, vol. 17(3), pages 349-364, July.
    15. Baojun Jiang & Lin Tian, 2018. "Collaborative Consumption: Strategic and Economic Implications of Product Sharing," Management Science, INFORMS, vol. 64(3), pages 1171-1188, March.
    16. Holm, Håkan, 2000. "The Computer Generation's Willingness to Pay for Originals when Pirates are Present – A CV study," Working Papers 2000:9, Lund University, Department of Economics, revised 16 Mar 2001.
    17. Xinyu Hua & Kathryn E. Spier, 2023. "Settling Lawsuits With Pirates," International Economic Review, Department of Economics, University of Pennsylvania and Osaka University Institute of Social and Economic Research Association, vol. 64(2), pages 543-575, May.
    18. Gayer, Amit & Shy, Oz, 2003. "Internet and peer-to-peer distributions in markets for digital products," Economics Letters, Elsevier, vol. 81(2), pages 197-203, November.
    19. Shin-yi Wu & Pei-yu Chen, 2008. "Versioning and Piracy Control for Digital Information Goods," Operations Research, INFORMS, vol. 56(1), pages 157-172, February.
    20. Gayer, Amit & Shy, Oz, 2003. "Copyright protection and hardware taxation," Information Economics and Policy, Elsevier, vol. 15(4), pages 467-483, December.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:inm:orisre:v:19:y:2008:i:1:p:48-70. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Chris Asher (email available below). General contact details of provider: https://edirc.repec.org/data/inforea.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.