Preliminary and Incomplete
Internet Security, Vulnerability Disclosure, and Software Provision
Jay Pil Choi, Chaim Fershtman, and Neil Gandal1
April 5, 2005
In this paper, we examine how software vulnerabilities affect firms that sell software and consumers that purchase software. In particular, we model three decisions of the firm: (I) an upfront investment in the quality of the software to reduce potential vulnerabilities, (II) a policy decision whether to announce vulnerabilities, (III) and a price for the software. We also model two decisions of the consumer: (I) whether to purchase the software and (II) whether to apply a patch.