An Economic Analysis of Software Market with Risk-Sharing Contract

Byung Cho Kim, Tepper School of Business, Carnegie Mellon University, Pittsburgh, PA 15213, bkim@andrew.cmu.edu
Pei-Yu Chen, Tepper School of Business, Carnegie Mellon University, Pittsburgh, PA 15213, pychen@andrew.cmu.edu
Tridas Mukhopadhyay, Tepper School of Business, Carnegie Mellon University, Pittsburgh, PA 15213, tridas@andrew.cmu.edu
ABSTRACT: Poor quality of software has been blamed for poor security of our computer networks in the sense that major viruses and worms exploit the vulnerabilities of such software. However, software vendors have no incentive to improve the quality of their products since they are not directly liable for any loss due to poor quality. Software liability has been intensely discussed among computer scientists and jurists for decades as a possible solution for software quality improvement. This paper proposes a risk-sharing mechanism between software vendors and customers as a market-driven way to impose software liability. We consider two dimensions of software quality, which are functionality and security quality. We present an economic model of software market with a risk-sharing mechanism, which takes into account the strategic interplay of risk-sharing and security quality of the software given a certain level of functionality. We then apply this model in different scenarios, and examine the implications of risk-sharing mechanism in the context of cyber security. Our model provides evidence of underprovided security quality of software under the monopoly case, as has been observed in the market. We consider feasibility and effectiveness of the risk-sharing mechanism under various scenarios, and our results suggest that this mechanism is promising.

KEY WORDS AND PHRASES: Cyber Security, Software Quality, Risk-Sharing
1 Introduction

As the Internet has revolutionized the way individuals, industry and the government communicate and conduct their daily business, the intensive interconnectivity has increased the vulnerability of computer systems. Consequently, network security becomes a major issue for e-business and corporate communications. The first report of the Joint Security Commission to the United States Central Intelligence Agency and the Department of Defense (Smith, 99) stated, "The security of information systems and networks is the major security challenge of this decade and possibly the next century." Network security includes protecting data against accident or malicious intent, verifying identity of users who have access to data, preserving privacy and confidentiality, insuring validity of transactions, detecting network viruses, and preventing system crashes. Failure to protect computer systems can cause enormous losses such as physical destruction or theft of tangible assets, loss of data or program files, theft of information, and delayed processing.

To cope with the new risk, the computer industry has tried to develop new weapons such as firewalls, encryption techniques, access control mechanisms, and intrusion detection systems. The federal government has formed the Department of Homeland Security and is developing a National Strategy to Secure Cyber Space. Despite these efforts, the security level of computer networks is still very low, and the potential loss is enormous. Ernst & Young's Global Information Security Survey in 00 shows that only 0% of respondents are confident that they would detect a system attack and 75% had experienced unexpected unavailability (Ernst & Young, 00). In another 00 survey, the Federal Bureau of Investigation and the Computer Security Institute reported that 90% of respondents had been victimized by a cyberattack or security breach in the preceding months, and the average estimated loss was about $ million
per organization (Power, 00). Fisk (00) argues that there are well known technical and procedural techniques for preventing computer system vulnerability. However, applying these techniques can be resource intensive and will not be done without sufficient incentive. One major reason for this low security level is that the software industry is at a sub-optimal, but self-supporting equilibrium that does not support the effort required for software improvements. Customers do not have good enough safeguards, both because available options on the security market seem to be ineffective but too expensive, and because the value of running safe operation is often not fully appreciated. They have learned to tolerate low-quality software, enabling vendors to be successful without improving the quality of their products. On the vendor side, both a perceived small market and high development costs have made developing high-quality software a significant risk to the vendors. The slow growth of security market and the low quality of software have been identified as main causes of the poor state of network security (Yurcik and Doss, 00).

However, software vendors have no incentive to improve the quality of their products since they are not directly liable for any loss due to poor quality. To solve this problem, security experts suggest legal liability and cyber insurance mechanism as possible solutions. Unfortunately, not much research has been done on this problem from the economic perspective. In this paper, with the goal to improve software quality, we propose a risk-sharing mechanism between software vendors and customers as an alternative solution. According to Fisher (00), some companies are already demanding liability clauses in contracts with vendors, holding the vendors responsible for any security breach connected to their software. Karl Keller, president of IS Power Inc., says, "Contractual liability is a great motivator. I'm encouraged that liability for vulnerabilities is
entering into contracts."

We present an economic model of software market, which takes into account the strategic interplay of risk-sharing and software quality. We consider two dimensions of software quality, which are functionality and security quality. We first examine the implications of risk-sharing mechanism both in monopoly and socially optimal cases. Our model provides evidence of under-provided quality of software under monopoly, as has been observed in the market. We find that the social planner who maximizes social surplus offers higher-quality product than the monopolist and that the risk-sharing factor and the quality of product are not strategic complements. This intuition provides insights for the otherwise unexpected result that neither the social planner nor the monopolist has any incentive to bear the risk. This is interesting in the sense that even for the social planner, sharing risk with the customers is not optimal at equilibrium, although risk-sharing mechanisms such as warranties are widely used in other industries.

We extend the model to duopoly competition. We start with examining the case where the entrant brings a product with the same quality level as the incumbent who does not want to share any risk. Unlike the monopoly case, we find that the entrant has an incentive to introduce positive risk-sharing to alleviate competition and that the risk-sharing level increases as the quality level increases. Then we extend this scenario to the case where vendors with products of same quality differentiate their products by offering different levels of risk-sharing. We find that in the presence of competition where two vendors differentiate their product not by quality but by risk-sharing, the high-value vendor is willing to share the risk whereas sharing no risk is the optimal choice for the low-value vendor. The high-value vendor's optimal level of risk-sharing is the same as the risk-sharing level of the entrant in the first duopoly scenario, which increases as the quality increases.
It was proposed by the policy makers and computer security experts that the government should offer tax incentives to businesses for spending on security (Harmon, 2003). We examine how government subsidy affects the quality level of the software under monopoly. We find that a subsidizing policy such as offering tax incentives creates no incentive for the vendor to bear the risk and worse, it reduces the quality level. Although the subsidizing policy may lead to higher level of customer security awareness, it may make the situation worse in terms of quality of the software. We investigate whether regulation on risk-sharing level gives an incentive for quality improvement to the monopolist. Interestingly, we find that the monopolist has an incentive to increase the quality when a certain level of risk-sharing is imposed by the government. Moreover, our results show that when the proportion of the expected loss to the cost of security development increases, the range of regulation which leads to higher quality also increases.

The rest of the paper is organized as follows. We provide a model and examine monopolist's and social planner's cases in section 2. We extend our model to various scenarios of duopoly competition in section 3. In section 4, we examine policy implication of the risk-sharing mechanism. We discuss existing mechanisms suggested by practitioners and prerequisites for the proposed risk-sharing mechanism in section 5. Finally, section 6 concludes the paper.

2 Model

We analyze a software vendor's decision on the quality and the risk-sharing levels, using a model built on the models of vertical quality differentiation (Mussa and Rosen, 97). There are two types of players in the market: a software vendor and customers. It is shown that the best strategy for the software vendors is to introduce their products as early as possible and then to
patch them later (Arora et al., 2003). Consequently, the initial quality of software products is lower than expected. Security experts argue that the defects of such software are exploited by the malicious hackers to attack computer systems and that the quality of the general software in terms of security should be improved (CSTB/NRC, 99). Customers in our model are considered to be firms that are likely to have higher incentive to adopt security solutions than do individuals, whose awareness of security in general is still very low in reality. We assume that increasing the quality of software reduces the expected loss from cyberattack in the life-span of the product. This is reasonable in the sense that attacks on computers or systems with more secure software are less likely to succeed.

2.1 Customer's Utility Function

We consider two dimensions of software quality, which are functionality and security quality. In early 00, Microsoft stopped all Windows feature development and focused only on analysis of design, code, test plans and documentation. Our model reflects the current phenomenon by considering a vendor that emphasizes on security development given a certain level of functionality, . Let be the security quality of the software product where [0, ]. Security quality measures vulnerability of the software to attacks at the product launch. Bug-free software can be considered to be of perfect security quality. Following security experts' argument that the initial quality of product launch matters and that the availability of patching mechanism may worsen the situation, we focus on the initial quality in our model. P is the probability that an attack succeeds when -quality software is installed and L is the loss caused by a successful attack. Under the proposed risk-sharing mechanism, the vendor takes some proportion of the risk, denoted by . If an attack on the customer's network or system is
successful and incurs loss, then the vendor shares the responsibility with its damaged customer. Thus, the expected utility of a customer who purchases software with price is

U P [ θ L ] P [ θ θ[ ] ]

The expected loss when -quality software is installed is denoted by , which is PL. in our model is based on a certain period of time. It is reasonable since most software products are licensed to the corporate customers. Thus, the life-span of the software is considered to be the licensing period. We assume that < 0 and > 0, so that the expected loss decreases as the quality level increases at diminishing rate. θ captures customer heterogeneity indicating how much utility a customer derives from the software's functionality. Losses arise out of business activities. Thus, the same attack may cause more severe damage to some firms than others. If θ is high, the customer is more sensitive to security features of the product, in that she enjoys more utility from the product, but also suffers more disutility from a successful attack. It holds in reality that some firms are more sensitive to security than others. For example, banks may be such customers with high θ. We assume that θ is uniformly distributed on [0, ]. Customers who have expected utility greater than zero buy the software whereas others do not.

2.2 Vendor's Profit Function

A software vendor's expected profit is π,, D,, where D,, is the demand for the product, is the price and represents fixed cost for producing a product with quality level . Production of information good such as software involves high fixed costs but low variable costs. In other words, the cost of producing
the original copy is substantial whereas the cost of producing additional copies is negligible. As a result, given the context of software product, the cost does not depend on quantity, that is, the variable cost of production is zero. We assume convex cost function, that is, > 0 and > 0, so that the cost increases as the quality level rises at a growing rate. is the expected loss, for which the vendor is responsible per unit of the product. Although variable cost of production is assumed to be zero, plays a role of variable cost in our model.

2.3 Market Equilibrium under Monopoly

The monopoly case is quite relevant to software industry. Consider the case of Microsoft that dominates the PC operating systems market. According to the 00 Security Software Market Share report, Symantec continued to lead the antivirus market, the largest segment of security software industry, with a 50 percent share of the combined enterprise and consumer business, more than double the nearest competitor. Thus, analyzing the monopoly case still has a significant implication for software industry.

We analyze a three-stage game. At the first stage, the monopolistic vendor decides the quality level and the risk-sharing level simultaneously and at the second, the vendor sets up the price. Then the customers decide whether or not to buy the product at the last stage. Demand for the software product offered by a monopolist is derived from the equation , which is the customers' expected utility and the uniform distribution of θ. The demand is D,, . Then the expected profit for the monopolist becomes
π,, D,, 3

The first order condition for is π,, 0. Thus, 5. Substituting in 3 leads to π, 6. Note that arg max π, 0 since >0 and >0. The first-order condition for is π, 0 7. At equilibrium, we have 0 and .

2.4 Social Planner's Solution

A social planner will offer the product at marginal cost which is . Hence, the social surplus can be written as S, θ[ ] dθ θ where θ θ. It simplifies to
S, . Note that arg max π, 0 since >0 and >0. The first-order condition for is S, 0 9. At equilibrium, we have 0 and .

Proposition 1: In a software market, neither the monopolist nor the social planner is willing to share the risk. At equilibrium, the social planner offers a higher-quality product than the monopolist.

Proof. Please refer to the Appendix.

This is interesting in the sense that neither social planner nor the monopolist has any incentive to bear the risk. Note that the risk-sharing factor does not affect the fixed cost and that sharing no risk allows the social planner to face zero marginal cost and to cover the entire market. In other words, the social planner is left with no resource to share the customer's risk when it serves the entire market by offering price at marginal cost. Thus, it turns out that even the social planner does not want to share any risk. Interestingly, the risk-sharing factor and the quality in our model are not strategic complements. In other words, it is not always true that the factors that increase the risk-sharing level also result in higher quality. Proposition 1 provides evidence of under-provided quality of software under monopoly, as what has been observed in the market. Figure 1 illustrates the relationship between the quality of a monopolist and a social planner.

[INSERT FIGURE 1 HERE]
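A numerical check of the monopolist versus social planner comparison in Proposition 1, as an added example that is not code or notation from the original paper. The utility, loss and cost forms, the upper bound 1 on θ, and every parameter value below are assumptions chosen to match the verbal description (uniform θ, loss decreasing and convex in quality, cost increasing and convex, vendor liability acting as a per-unit cost).

```python
"""Added illustration of the three-stage monopoly game and the planner benchmark.

ASSUMED forms (the page's own formulas are not available):
  customer utility  U = theta * (v - (1 - r) * loss(q)) - p, theta ~ Uniform[0, 1]
  expected loss     loss(q) = a * (1 - q)**2   (decreasing, convex in quality q)
  fixed cost        cost(q) = k * q**2         (increasing, convex in quality q)
  vendor liability  r * loss(q) per unit sold  (plays the role of variable cost)
"""

V_FUNC = 1.0   # functionality v (assumed value)
A_LOSS = 0.5   # loss scale a (assumed value)
K_COST = 0.3   # cost scale k (assumed value)
GRID = [i / 100 for i in range(101)]  # candidate values for q and r in [0, 1]


def loss(q):
    return A_LOSS * (1.0 - q) ** 2


def cost(q):
    return K_COST * q ** 2


def total_value(q, r):
    """Value per unit of theta left to the customer after the vendor takes share r."""
    return V_FUNC - (1.0 - r) * loss(q)


def demand(q, r, p):
    """Stage 3: fraction of customers with theta * V - p > 0 for uniform theta."""
    marginal_theta = p / total_value(q, r)
    return min(1.0, max(0.0, 1.0 - marginal_theta))


def monopoly_price(q, r):
    """Stage 2: price maximising (1 - p/V) * (p - r*loss), from the first-order condition."""
    return 0.5 * (total_value(q, r) + r * loss(q))


def monopoly_profit(q, r):
    p = monopoly_price(q, r)
    return demand(q, r, p) * (p - r * loss(q)) - cost(q)


def social_surplus(q, r):
    """Planner prices at marginal cost r*loss(q); surplus sums theta*V - mc over buyers."""
    value, mc = total_value(q, r), r * loss(q)
    theta_hat = min(1.0, mc / value)               # marginal buyer
    gross = 0.5 * value * (1.0 - theta_hat ** 2)   # integral of theta*V over buyers
    return gross - mc * (1.0 - theta_hat) - cost(q)


def best_choice(objective):
    """Stage 1: grid search over quality q and risk-sharing r; returns (q, r)."""
    return max((objective(q, r), q, r) for q in GRID for r in GRID)[1:]


def compare():
    return {
        "monopolist": best_choice(monopoly_profit),
        "planner": best_choice(social_surplus),
    }


if __name__ == "__main__":
    for who, (q, r) in compare().items():
        print(f"{who:10s} quality={q:.2f} risk-sharing={r:.2f}")
    for r in (0.0, 0.5, 1.0):
        print(f"monopoly profit at q=0.29, r={r:.1f}: {monopoly_profit(0.29, r):.4f}")
```

Under these assumed forms both decision makers choose zero risk-sharing, and the planner's quality is higher because it weighs the full reduction in expected loss rather than the half captured through the monopoly price.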
3 Competition

3.1 Incumbent and Entrant with Same Quality but Different Risk-Sharing

We first study the case of a duopoly market with an incumbent and an entrant offering software products of same quality. This scenario captures the market where there are a monopolistic incumbent that has no incentive to share the risk and an entrant that enters the market bringing a product with the same quality level as the incumbent's product. Our focus is on whether the entrant has an incentive to share the risk and if so, how much it will be at equilibrium. In this game, the entrant chooses its optimal risk-sharing level first. Then both the incumbent and the entrant set up the price simultaneously. At the last stage, customers decide whether to buy from the incumbent or the entrant or neither. The expected utility offered by the incumbent is U θ [ ] 0. Similarly, the expected utility offered by the entrant is U θ [ ] . Note that . In order to derive the demand function for both vendors, we presume that customers can choose buying from the incumbent, the entrant or neither. For computational convenience, let denote the total value offered to the customer. Thus, and . The customers will buy from the entrant when θ θ and buy from the incumbent when θ > θ and θ > 0. The demands for both firms can be derived from the above conditions.
D and D . The expected profits are π π 3. By analyzing conditions that maximize and 3, we derive the following results.

Proposition 2: In the presence of competition, the entrant offering the same quality product as the incumbent sharing no risk has an incentive to introduce positive risk-sharing to alleviate competition. Moreover, as the quality level increases, the risk-sharing level also increases.

Proof. Please refer to the Appendix.

In contrast to the monopolist and the social planner, the entrant in this scenario has an incentive to share the risk. It follows that the risk-sharing level increases as the quality level increases. This result is quite interesting in the sense that without the risk-sharing mechanism, the entrant may have less incentive to enter the market because its entry may trigger Bertrand-like price competition.

3.2 Duopoly Competition with Same Quality but Different Risk-Sharing

This scenario serves as an extended case. In this scenario, two vendors compete against each other with the product of same quality. However, vendors differentiate their products by offering different levels of risk-sharing. At the first stage, both vendors decide the risk-sharing level given quality and at the second, optimal prices are chosen. At the third stage, customers
decide whether to buy from the incumbent or from the entrant or neither. We label the vendor sharing high risk, hence offering high value to customers as H vendor and denote the other vendor sharing low risk, hence offering low value to customers as L vendor. Then the total value offered to the customer is H H and L L where H > L. Following the same logic as we applied in the previous section yields

H L π H H H H L H L L π L L L H L L 5

It can be verified that the solutions for π L 0 at equilibrium prices are complex L numbers. In other words, arg max π is not an interior solution but a boundary one. L L Since H > L for any value of H, arg max π 0 L L 6. Substituting L in π H H yields H 3 7.

Proposition 3: In the presence of competition where two vendors offer same-quality products, in equilibrium, risk-sharing acts as a differentiator that one firm will share positive risk, H 3 and thus offer higher value to customers, while sharing no risk is the optimal choice for the other firm.
Proof. The results directly come from 6 and 7.

Proposition 3 shows the optimal risk-sharing level for each of the high-value and the low-value vendors. When they differentiate their products by offering different levels of risk-sharing, the high-value vendor has an incentive to share positive risk whereas the low-value vendor is not willing to bear any risk. This is interesting in the sense that for the low-value vendor, risk-sharing may seem to be a risky business when it perceives that its rival will share higher risk than itself. Also note that high-value vendor's optimal risk-sharing level increases as the quality level increases. Thus, customers may use the high-value vendor's risk-sharing level as a proxy of its quality level.

4 Policy Implication

4.1 Subsidy for Customers

Proposals for government action being discussed by policy makers and computer security experts include offering tax incentives to businesses for spending on security (Harmon, 2003). In this section, we examine how government subsidy for customers affects the quality level of the software under monopoly. Let s be the subsidy for each customer who makes a purchase of software. Then the expected utility of the customer is U θ [ ] s . The demand derived from the above expected utility is D,, s . A monopolist vendor's expected profit is then
π,, D,, s 9

At equilibrium, we have 0 and s 0.

Proposition 4: For a software product, the monopolist reduces the quality of its product when government subsidizes the customers. In terms of quality improvement, government's subsidizing policy makes the problem worse in monopoly case.

Proof. Please refer to the Appendix.

Interestingly, we find that the government subsidizing policy creates no incentive for the vendor to bear the risk and worse, it reduces the quality level. Poor quality of available options in the software market has been identified as the main cause of the poor state of security. Although the subsidizing policy may motivate the customers to get the software, it may make the situation worse because the problem is on the vendor side. Our findings imply that cheering up the customers may not work effectively. Rather, finding a way to penalize the vendor that produces bad-quality products may be a more effective policy to make our cyber space secure.

4.2 Regulation on Risk-Sharing

We investigate whether government regulation on risk-sharing creates an incentive for the monopolist to increase quality. This is a policy that directly regulates the vendor unlike subsidizing the customers. We assume the expected loss and the cost to be quadratic functions of quality as follows:
,, > 0 > 0

Note that is functionality of the software as defined earlier. Suppose that the government imposes regulation on risk-sharing. Let be the risk-sharing level that the software vendor is responsible for. The expected profit for the monopolist from 6 is π, . Given , the first-order condition for from 7 is π, . Thus, we have 0 { } { } { }. Further derivation leads to the following Proposition. 0 0

Proposition 5: When the government imposes risk-sharing between 0 and where 56, the monopolist increases the quality of the product. As the proportion of to increases, the range of regulation which leads to higher quality also increases.

Proof. Please refer to the Appendix.

We find that regulation on risk-sharing level works better than the subsidizing policy in terms of quality improvement. It implies that the government should adopt the policy to directly penalize the monopolist that produces bad-quality product rather than motivating customers. Imposing a certain level of risk-sharing on the monopolist side can be one example. The results show the desirable range of such regulation that creates incentive for the monopolist to increase
quality. Intuitively, as the proportion of functionality to the cost for quality development becomes higher, the admissible range of risk-sharing level that leads to higher quality becomes wider. However, imposing too much risk-sharing on the monopolist may make the situation worse by making the monopolist reduce security quality. Our findings may give policy makers a guideline when they want to regulate the monopolized software market.

[INSERT FIGURE 2 HERE]

Figure 2 illustrates how quality changes as the government imposes different level of risk-sharing on the monopolist. It shows that there exists a desirable range of regulation on risk-sharing that creates an incentive for the monopolist to improve the quality and that the range increases as the proportion of the expected loss to security development cost increases. It has a policy implication that regulation on risk-sharing may be a good way for quality improvement but imposing too much risk-sharing on the monopolist may make situation even worse.

5 Discussion

Policy makers and security experts suggest two solutions to the software market problem: legal liability and cyber insurance. With a liability mechanism, software and systems vendors are legally liable for safety- or security-relevant flaws that involve negligence or misrepresentation. Legal enforcement is expected to increase the quality of the software and systems. However, the computer industry is uncomfortable with regulation, fearing that it may inhibit innovation by linking legal risks and the development of new products, and discourage production. Also, there is a delicate issue of open source software. The writers of open source software can be considered to be volunteers, so imposing legal liability on them may not be fair. Another problem is that while liability mechanisms may indirectly increase the customers' utility by
improving software quality, they do not directly increase customers' utility and, therefore, may not give sufficient incentives for the customers to have more secure systems. Considering the characteristics of the software industry, a voluntary and market-driven regulation is likely to be more effective than a mandatory one.

Some researchers argue that insurance companies can be a market lever to encourage sound security by setting up standards for best practices, applying pressure on firms to reduce insurance premiums, and providing incentives for software companies to offer secure products. However, the insurance companies argue that the victims of computer mishaps are reluctant to make their information public by reporting to a third party (the insurance company). Another problem with cyber insurance mechanisms is that vendors of software and systems are not responsible for the losses caused by the low quality of their products. Although the cyber insurance mechanism may indirectly create incentives for vendors to produce higher-quality software, it cannot directly impose liability on the software vendors. Moreover, insurance companies are reluctant to get involved in the software industry due to uncertainty, lack of adequate statistics and technological changes, although some companies such as Safeware, American Insurance Group, and Zurich are offering policies ranging from hardware replacement to full information-asset protection.

Unlike the existing solutions, a risk-sharing mechanism can directly affect the customer's utility and the vendor's profit. Under this mechanism, software vendors are responsible for a certain proportion of the loss caused by security breaches of their products. Thus, risk-sharing can create incentives for the software vendors to develop reliable products. On the customer side, since the vendor's risk-sharing reduces the burden on the customer, the demand for the secure software products is expected to increase. In addition, a risk-sharing mechanism requires an
endeavor to predict loss, which can increase the customer's awareness of the importance of cyber security. Therefore, we suggest a risk-sharing mechanism as a form of voluntary regulation. It imposes liability on the software vendor and allows the customers to share their risk without revealing their information to a third party. By improving both the quality of the product and the customer's awareness, the risk-sharing mechanism is expected to improve the level of network security of our society.

6 Conclusion

To enhance the poor state of network security, one needs to solve the fundamental problem: giving software vendors an incentive to increase the quality of their products. This paper proposes a risk-sharing mechanism between software vendors and customers as a potential solution, and analyzes this approach under various scenarios. We present an economic model of the software market, which takes into account the strategic interplay of risk-sharing and quality of product. We first compare the monopolist's and the social planner's solutions. Our results give evidence of under-provided quality of software under monopoly, as has been observed in the market. We find that the social planner who maximizes social surplus offers higher-quality product than the monopolist and that neither the social planner nor the monopolist has any incentive to bear the risk. This is interesting in the sense that even for the social planner, sharing risk with the customers is not optimal at equilibrium although risk-sharing mechanisms such as warranties are widely used in other industries. This can be explained by intuition that risk-sharing and quality are not strategic complements.

We extend the model to duopoly competition. In the case where the entrant brings a product with the same quality level as the incumbent who does not want to share any risk, we
find that the entrant has an incentive to introduce positive risk-sharing to alleviate competition and that the risk-sharing level increases as the quality level increases. We also find that in the presence of competition where two vendors differentiate their product not by quality but by risk-sharing, the high-value vendor is willing to share the risk whereas sharing no risk is the optimal choice for the low-value vendor and that the high-value vendor's optimal level of risk-sharing increases as the quality increases.

We examine how different forms of government policy affect the quality level of the software under monopoly. First, we analyze the software market where the government subsidizes the customers who spend on security. Unlike the prediction of the practitioners, we find that the government subsidizing policy creates no incentive for the monopolistic vendor to bear the risk and even reduces the quality level. Then we investigate whether regulation on risk-sharing creates an incentive for the monopolist to increase quality. Our findings show that a certain level of regulation on risk-sharing leads to higher quality and that it becomes more effective as the expected loss gets more severe compared to the cost for quality improvement. This implies that the government should adopt the policy to directly penalize the monopolist that produces bad-quality software rather than motivating customers. Regulation on risk-sharing can be one example.

Software liability has been an important issue among computer scientists and practitioners. Nevertheless, no effective liability-imposing mechanism has been found yet. We propose a risk-sharing mechanism as a possible solution. Our research contributes to the literature in the following ways. First, we provide an economic framework to a security issue where only a little previous research has dealt with the problem of the software market from an economic perspective although the solution to this problem is economic rather than technical.
Second, our results suggest that a risk-sharing mechanism as a form of market-driven regulation that imposes liability on the software vendor is promising. Finally, we illustrate how a policy maker can establish an effective way to increase the quality of software.

While significant, this study can be improved in several ways. First, in our duopoly competition scenarios, we assume that vendors compete with same quality but different risk-sharing. Examining a scenario with different quality and different risk-sharing will be interesting. Second, comparison of the risk-sharing mechanism with other existing mechanisms such as legal liability and cyber insurance based on the effectiveness can be a way of extending this paper. Third, developing a way to deploy the risk-sharing mechanism may form a separate research area. For example, loss measurement and risk analysis are prerequisites of the proposed risk-sharing mechanism.
Appendix of Mathematical Proofs

Proof of Social Surplus. Let and Y X . Then, X Y X Y X Y Xd S X Y θ θ . This completes proof. QED

Proof of Proposition 1. Denote F . Showing that F is an increasing function of completes the proof. F Note that 0 and 0 0, 0, > < > > by assumption. Thus, 0 and 0 < < < . Therefore, we have 0 > F . QED

Proof of Proposition 2. The first order conditions for and are 0 and 0 π π . Solving the first order conditions and gives the optimal prices charged by both vendors: and . Substituting and in equation yields
3 3 π . The first order condition for is 0 3 3 3 3 3 π . Thus, the optimal risk-sharing level for the entrant is 3 . Then we have 3 3 3 . Note that 0 and 0, 0, < > > . Therefore, 0 > . QED

Proof of Proposition 4. Let be the optimal quality of the monopolist without subsidy and be the optimal quality of the monopolist with subsidy. Then we have and s . Thus, 0 > s . In the proof of proposition 1, we have shown that is increasing in , that is, is decreasing in . Therefore, > . QED
Proof of Proposition 5. Solving for yields { } { } 3 3 3 3 . Denote be the monopolist's equilibrium quality when there is no regulation. Then 0 3 . Thus, { } 3 . Solving for the optimal quality of the monopolist yields . Thus, 56 3 . Let x , then 56 x x . Thus we have 0 6 > x x x x . Thus, increases as increases. QED
Appendix of Figures

[Figure 1: Equilibrium quality of monopolist and social planner. Horizontal axis: Quality; curves labelled Cost and Loss, with the monopolist's and the social planner's quality marked.]

[Figure 2: Monopoly under regulation. Four panels plotting quality against risk-sharing.]
References

1. Arora A., J. Caulkins, and R. Telang, Sell First, Fix Later: Impact of Patching on Software Quality, Working Paper, Carnegie Mellon University, 2003.
2. Cavusoglu H., B. Mishra, and S. Raghunathan, A Model for Evaluating IT Security Investments, Communications of the ACM 77: 7-9, 2003.
3. Cavusoglu H., B. Mishra, and S. Raghunathan, The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reaction for Breached Firms and Internet Security Developers, International Journal of Electronic Commerce 9: 69-05, 00.
4. Computer Science and Telecommunications Board (CSTB) and National Research Council (NRC), Computers at Risk: Safe Computing in the Information Age, National Academy Press, 99.
5. Ernst & Young, Global Information Security Survey 00, htt://wwweyol /gdownload /GSS_00df, 00.
6. Fisher D., Contracts Getting Tough on Security, eWeek, April 5, 00.
7. Fisk M., Causes & Remedies for Social Acceptance of Network Insecurity, in Proceeding of the Workshop on Economics and Information Security, University of California, Berkeley, May 6-7, 00.
8. Harmon A., Digital Vandalism Spurs a Call for Oversight, New York Times, September, 2003.
9. Krishnan M. S., C. H. Kriebel, S. Kekre, and T. Mukhopadhyay, An Empirical Analysis of Productivity and Quality in Software Products, Management Science 66: 75 759, 2000.
10. Mussa M. and S. Rosen, Monopoly and Product Quality, Journal of Economic Theory : 30-37, 97.
11. Power R., 00 CSI/FBI Computer Crime and Security Survey, Computer Security Issues and Trends :-, 00.
12. Ronnen U., Minimum Quality Standards, Fixed Costs, and Competition, The RAND Journal of Economics : 90-50, 99.
13. Schneier B., Information Security: How liable should vendors be?, Computer World, October, 00.
14. Smith J., Redefining Security, A Report of the Joint Security Commission, 99.
15. Spence M., Monopoly, Quality and Regulation, Bell Journal of Economics 6: 7-9, 1975.
16. Spence M., Product Differentiation and Welfare, American Economic Review, 66:07, 1976.
17. Varian H. R., Managing Online Security Risks, New York Times, June, 2000.
18. Yurcik W. and D. Doss, Cyberinsurance: A Market Solution to the Internet Security Market Failure, in Proceeding of the Workshop on Economics and Information Security, University of California, Berkeley, May 6-7, 00.