Dissertation. Byung Cho Kim

Similar documents
The Contamination Problem in Utility Regulation

3 Game Theory: Basic Concepts

Supply Chain Management in a Dairy Industry A Case Study

The Impact of Digital File Sharing on the Music Industry: A Theoretical and Empirical Analysis

INTELLIGENCE IN SWITCHED AND PACKET NETWORKS

Journal of Manufacturing Systems. Tractable supply chain production planning, modeling nonlinear lead time and quality of service constraints

Chapter 1 Microeconomics of Consumer Theory

Middlemen, Non-Profits, and Poverty

OPTIONS ON NORMAL UNDERLYINGS

Economics 352: Intermediate Microeconomics. Notes and Assignment Chapter 5: Income and Substitution Effects

Labor Demand. 1. The Derivation of the Labor Demand Curve in the Short Run:

Using Live Chat in your Call Centre

Supply chain coordination; A Game Theory approach

Suggested Answers, Problem Set 5 Health Economics

From a strategic view to an engineering view in a digital enterprise

Social Network Analysis Based on BSP Clustering Algorithm

AUDITING COST OVERRUN CLAIMS *

Planning Approximations to the average length of vehicle routing problems with time window constraints

Open and Extensible Business Process Simulator

The Reduced van der Waals Equation of State

Computer Networks Framing

Weighting Methods in Survey Sampling

Base Plate and Anchor Rod Design

Static Fairness Criteria in Telecommunications

Economic and Antitrust Barriers to Entry

FOOD FOR THOUGHT Topical Insights from our Subject Matter Experts

Deadline-based Escalation in Process-Aware Information Systems

Trade Information, Not Spectrum: A Novel TV White Space Information Market Model

ECONOMIC OPTIMISATION AS A BASIS FOR THE CHOICE OF FLOOD PROTECTION STRATEGIES IN THE NETHERLANDS

In many services, the quality or value provided by the service increases with the time the service provider

Henley Business School at Univ of Reading. Pre-Experience Postgraduate Programmes Chartered Institute of Personnel and Development (CIPD)

Price-based versus quantity-based approaches for stimulating the development of renewable electricity: new insights in an old debate

Optimal Health Insurance for Multiple Goods and Time Periods

Learning Curves and Stochastic Models for Pricing and Provisioning Cloud Computing Services

MICHAEL GUNDLACH THE COCK TAIL PIANO METHOD VOLUME. DOWNLOAD PDF FILE

Requited Design Review Process

SLA-based Resource Allocation for Software as a Service Provider (SaaS) in Cloud Computing Environments

Electrician'sMathand BasicElectricalFormulas

RESEARCH SEMINAR IN INTERNATIONAL ECONOMICS. Discussion Paper No The Evolution and Utilization of the GATT/WTO Dispute Settlement Mechanism

Condominium Project Questionnaire Full Form

A Holistic Method for Selecting Web Services in Design of Composite Applications

Lemon Signaling in Cross-Listings Michal Barzuza*

Channel Assignment Strategies for Cellular Phone Systems

HEAT CONDUCTION. q A q T

Towards fully automated interpretable performance models

Agile ALM White Paper: Redefining ALM with Five Key Practices

Henley Business School at Univ of Reading. Chartered Institute of Personnel and Development (CIPD)

Entrepreneur s Guide. Starting and Growing a Business in Pennsylvania FEBRUARY newpa.com

Optimal Sales Force Compensation

Job Creation and Job Destruction over the Life Cycle: The Older Workers in the Spotlight

TRENDS IN EXECUTIVE EDUCATION: TOWARDS A SYSTEMS APPROACH TO EXECUTIVE DEVELOPMENT PLANNING

AUTOMATIC AND CONTINUOUS PROJECTOR DISPLAY SURFACE CALIBRATION USING EVERY-DAY IMAGERY

The Price of Uncertainty in Security Games

UNIVERSITY AND WORK-STUDY EMPLOYERS WEB SITE USER S GUIDE

Market power and banking failures

THE UNIVERSITY OF TEXAS AT ARLINGTON COLLEGE OF NURSING. NURS Introduction to Genetics and Genomics SYLLABUS

A Comparison of Service Quality between Private and Public Hospitals in Thailand

The Basics of International Trade: A Classroom Experiment

Professional Certificate Training in Business Writing

Neural network-based Load Balancing and Reactive Power Control by Static VAR Compensator

Health Savings Account Application

International Journal of Supply and Operations Management. Mathematical modeling for EOQ inventory system with advance payment and fuzzy Parameters

Table of Contents. Appendix II Application Checklist. Export Finance Program Working Capital Financing...7

Board Building Recruiting and Developing Effective Board Members for Not-for-Profit Organizations

DSP-I DSP-I DSP-I DSP-I

REINFORCED CONCRETE BEAMS: T-BEAMS AND DOUBLY REINFORCED BEAMS

ADULTS SERVICES KNOWLEDGE REVIEW 13. Outcomes-focused services for older people

Deliverability on the Interstate Natural Gas Pipeline System

' R ATIONAL. :::~i:. :'.:::::: RETENTION ':: Compliance with the way you work PRODUCT BRIEF

) ( )( ) ( ) ( )( ) ( ) ( ) (1)

Known: long, aluminum cylinder acts as an extended surface.

RATING SCALES FOR NEUROLOGISTS

Sebastián Bravo López

State of Maryland Participation Agreement for Pre-Tax and Roth Retirement Savings Accounts

Findings and Recommendations

ru ILllYC UT 3 IMC IrrCRCIYLL3 AND SIMLARITIES BETWEEN CALIFORNIA AND h.tlnols

Customer Efficiency, Channel Usage and Firm Performance in Retail Banking

Green Cloud Computing

Fair trade: a third generation welfare mechanism to make globalisation sustainable 1. CEIS Working paper n. 170

Fixed-income Securities Lecture 2: Basic Terminology and Concepts. Present value (fixed interest rate) Present value (fixed interest rate): the arb

Transcription:

issertation Essays on otare Market: eurity, Liability, and Priing By Byung ho Kim ommittee hair: Proessor Tridas Mukhoadhyay Proessor Pei-yu hen Proessor hris Forman eader Proessor ahul Telang Teer hool o Business arnegie Mellon University August 007

ediation This dissertation is dediated to my arents, ang Wook Kim and hang Hee Kim, or their unonditional sariie, endless suort, and love

Aknoledgements Pursuing my dotoral degree at arnegie Mellon has been a hallenging yet rearding eeriene o my lie All I had as luk, the best o hih as in the orm o my advisor, Proessor Tridas Mukhoadhyay ho is not only my aademi advisor, but also my mentor He has heled me go through all the diiulties I ame aross or the ast ive years at arnegie Mellon I ould like to sinerely thank him or his ontinuous guidane and suort throughout my dotoral rogram He has sent ountless hours disussing my researh, sharing his insights and eerienes ith me, guiding me through tough times, and sharening my learning skills Without his suort, atiene, and onidene in me, this dissertation ould not be ossible I eel honored to have had a hane to ork ith him and learn rom him I am grateul or the ontributions o Proessor Pei-yu hen ho has alays enouraged me ith belie in me sine my irst day at arnegie Mellon he has heled me develo analytial skills as ell as researh ideas I have beneited rom every single interation ith her he has dediated her time and eort to hel me beome a ritial thinker My areiation or her ontinuous guidane and suort is immeasurable I ould like to aknoledge ith great areiation the illingness o Proessor hris Forman to be my ommittee member I have beneited rom his insightul omments on my dissertation I ould also like to thank Proessor ahul Telang or his suggestions as an eternal reader Interations ith him through his seminar have heled me develo researh ideas in the area o inormation seurity I ould like to eress my gratitude to my brother, Byung o Kim, ho has been my role model Without his guidane, ursuing an aademi areer ould be like sailing a shi ithout a

ma and omass I ould also like to thank my brother, Byung Joon Kim or his inredible suort or the amily, hih made me stand strong throughout my dotoral rogram I am grateul to my sister, e in Kim or her love and suort I oe a tremendous debt o gratitude to my ie, Jin un Lee ho has suorted me ith inredible atiene and unavering onidene in me othing ould be ossible ithout her sariie in this long journey he has given me everything, best o hih is our baby e are looking orard to meeting soon I dediate this dissertation to my arents, ang Wook Kim and hang Hee Kim, ho have suorted me in rayer or suh a long time They never lost aith and onidene in me even hen I ould not quite believe in mysel I ish I ould have more time ith my ather ho deserves my lanned reayment Finally, I am grateul or God s rovision o joys, hallenges, and grae or groth

Table o ontents Abstrat Introdution An Eonomi Analysis o the otare Market ith a isk-haring ontrat Introdution Model ustomer s Beneit Funtion Vendor s Proit Funtion 3 isk-haring Mehanisms: Inentives 3 Market Outome under Monooly 3 oial Planner s olution 33 ometition 4 Poliy Imliations 4 egulation on isk-haring 4 ubsidy or ustomers 5 isussion 5 Inormation Asymmetry 5 Third Party olution 6 onlusion eerenes 3 The Eet o a Liability Mehanism on otare eurity: The Monooly ase 3 Introdution 3 General Model 3 Baseline 3 otare Liability 33 Equilibrium Analysis 33 otare Market ithout Liability 33 Partial Market overage 33 Full Market overage 34 otare Market ith Liability

34 Partial Market overage 34 Full Market overage 35 Poliy Imliations 35 Welare Analysis 35 Inormation Asymmetry 36 isussion: Endogenous otare Funtionality 37 onluding emarks Aendi eerenes 4 Priing Oen oure otare 4 Introdution 4 Literature evie 43 Model 43 ustomers 43 otare Priing hemes 44 Monooly 44 Prie 44 Proit 45 ometition 45 Oen oure otare ith ual-liensing versus ommerial otare 45 Oen oure otare uort versus ommerial otare 46 ometition in the Presene o ithing ost 46 Mirosot QL erver versus MyQL 46 Mirosot Windos versus ed Hat Linu 47 isussion 48 onlusion Aendi eerenes

Abstrat otare has beome an indisensable art o our daily lives ot only large-sale oerating systems in businesses but also home eletri alianes suh as television sets and telehones are oered by thousands o rogram instrutions In the ne era o inormation tehnology, understanding eonomi issues beomes a key suess ator or the sotare industry, along ith maintaining tehnologial sueriority esite the eonomi nature and the inreasing attention rom the stakeholders in the sotare industry, many roblems o the sotare market have not been eamined by the eonomists and hene still remain unansered eseially in the emerging areas suh as sotare seurity and oen soure sotare My dissertation onsists o three essays hih eamine to issues through an eonomi lens: i sotare seurity and liability and ii oen soure sotare riing I aim to make both aademi and ratial ontributions by alying eonomi tools to analyze roblems that have been intensely disussed by omuter sientists, sotare engineers, oliy makers and jurists, and by justiying ongoing argument on the to issues ith aademi rigor Essay I rooses a risk-sharing mehanism beteen sotare vendors and ustomers as a ossible ay to inentivize the sotare vendors to imrove sotare seurity Essay II eamines a oliyoriented aroah o sotare liability and identiies onditions under hih the legal liability mehanism is eetive in terms o imroving sotare seurity In Essay III, I study the riing mehanisms nely introdued to the sotare market as a ay to make money rom oen soure sotare omarison beteen ommerial riing model ith oen soure sotare riing models suh as dual-liensing model and suort model leads to the onditions under hih eah riing model is viable Fators that aet the suess o the oen soure sotare riing models are identiied

Introdution As sotare has beome an indisensable art o our daily lives, aelerated ith the inreased aabilities o omuting devies, the market or sotare has beome large, mature, and omliated As a result, sotare industry in the ne era o inormation tehnology is dealing ith more eonomi issues than ever In the early days o akaged sotare, sotare develoers might be onerned about tehnology develoment ar more than eonomi issues suh as marketability, return on investment, ustomers inentive roblems, soial beneit, netork eternality, and even roitability We are no living in the orld, here every single moment o our lives is aided by systems, devies, and alianes oered by thousands o rogram instrutions From small home eletri alianes suh as television sets, miroaves, ashers and dryers, and omuters, o ourse, to large-sale oerating systems suh as national oer and energy systems, sotare lays a ruial role in our daily lives More sotare vendors are ometing in the market, more users are demanding a variety o sotare, and more businesses are deendent uon sotare Thus, understanding eonomi issues hih ill eventually lead to making rational deisions beomes a key suess ator in sotare business, along ith maintaining tehnologial sueriority For eamle, large sotare omanies are inreasingly relying on aquisitions or groth One instane is Orale that reently aquired Peoleot or $ billion and iebel ystems, the ustomer relationshi management giant, or $6 billion ot only the eonomi groth o the sotare industry but also unique harateristis o the sotare industry have atured eonomists attention otare is a oular eamle o inormation goods and its rodution requires large ied ost but negligible marginal ost hih is onsidered to be signiiant or most hysial goods Also, netork eternality lays an

imortant role in the sotare market sine sotare users oten enjoy additional beneit rom large netorks, and so areiate netork size Thus, managing omatibility and netork size is identiied to be a strategi hoie o the sotare vendors Even, there are issues or henomena in the sotare market, hih eonomists are not able to ully understand and elain ith eisting theory One eamle is the motivation o sotare develoers in oen soure sotare rojets, hih has not been ully elained ith eonomi utility theory Although more eonomists ay attention to the sotare market and eamine the issues rom an eonomi ersetive, many imortant questions regarding the raidly groing sotare industry still remain unansered My dissertation eamines the issues o sotare seurity, liability and riing rom an eonomi oint o vie eiially, I elore to issues in the sotare market, hih have been ontroversial among sotare engineers, omuter sientists, oliy makers, and jurists: i sotare seurity and liability and ii oen soure sotare riing Grounded on eonomi theory, I aim to anser to undamental questions Ho an e give sotare vendors an inentive to make their sotare more seure? Ho an e make money rom oen soure sotare? otare seurity and oen soure sotare are still virgin, yet romising areas to aademi researhers ith both tehnial and eonomi bakgrounds The aim o this dissertation is to rovide ansers to questions, one in the area o sotare seurity and the other in oen soure sotare market, hih have not been eamined by eonomists desite the eonomi nature o the roblems I aim to make ontributions to the literature o sotare eonomis, inormation seurity, and oen soure sotare by eamining the roblems through an eonomi lens, hih have been ontroversial among sotare eerts rom outside the domain o eonomis Pratially, my dissertation aims to give a guideline to the sotare

vendors ho ant to be suessul in business, ustomers ho ant to make a right hoie o the sotare, oliy makers ho ant to make our omuter netorks seure, and the business ho ant to make money rom oen soure sotare First, I eamine the issue o sotare seurity and liability The abundane o laed sotare has been identiied as the main ause o the oor seurity o omuter netorks Hoever, in the urrent state o the sotare market, sotare vendors do not have enough inentive to aly the available tehniques to revent vulnerabilities o their sotare sine ustomers do not areiate seure and sae sotare and seurity develoment is ostly As an inentive mehanism or sotare seurity imrovement, sotare liability has been intensely disussed among omuter sientists, jurists, and oliy makers or a long time esite the long years o debate, the researhers have not ome to a onlusion about the eetiveness o the liability mehanism I eamine to dierent orms o imosing liability on sotare vendors, hih are i risk-sharing ontrat beteen sotare vendors and ustomers and ii legal liability ontrolled by the government In Essay I, I roose a risk-sharing mehanism beteen sotare vendors and ustomers as a market-driven and voluntary aroah to imose liability on sotare vendors Grounded on eonomi theory, my model eamines the inentive o sotare vendors to share risk ith their ustomers The imat o risk-sharing on sotare seurity is studied otare is onsidered to have to dimensions o quality, hih are untionality and sotare seurity, and the ous o this study is sotare seurity I ind that sotare seurity is underrovided in the monooly market as has been observed in reality and that the monoolist sotare vendor does not have any inentive to share risk ith its ustomers In the ase o ometition, a sotare vendor ho 3

enters the market but is not able to dierentiate its rodut rom the eisting monoolist sotare vendor s sotare may be illing to share risk ith ustomers to alleviate ometition Essay II analyzes the imat o legal and uniorm sotare liability on sotare seurity in the monooly market The eetiveness o the liability mehanism is eamined in terms o imroving sotare seurity and inreasing market overage o the monoolist sotare vendor, both o hih are imortant beause oliy makers should make sure that the monoolist is illing to serve enough ustomers ith roviding reasonably seure sotare Overall, I ind that liability guarantees neither better sotare seurity nor higher soial surlus Fators that aet the eetiveness o the liability mehanism are identiied, suh as marginal illingness to ay o the ustomers, ost-eetiveness o seurity develoment and the seurity aareness o the ustomers Essay II eamines ho these ators aet the eetiveness o the legal liability on sotare seurity The seond roblem that my dissertation eamines is oen soure sotare riing eently, a ne and interesting movement has been observed in the oen soure sotare industry That is, some vendors o oen soure sotare seek to aitalize on the ubliity and oularity o their roduts unlike most o other oen soure sotare hih has been vieed as ree ubli goods To aroahed have been suessul in making money rom oen soure sotare One is the dual-liensing model, hih has been suessully adoted by MyQL, and the other is the suort model, hih has been reresented by ed Hat s suort servie model or its Enterrise Linu Essay III eamines the viability o these oen soure sotare riing mehanisms hih are ne to the sotare industry under various senarios The otimal riing strategies o both the ommerial and the oen soure sotare vendors are studied given the ustomers ho have to soures o heterogeneity: taste and tehnial savviness 4

The rest o my dissertation is organized as ollos etion resents Essay I hih eamines the risk-sharing mehanism beteen sotare vendors and ustomers Essay II studies the oliy oriented aroah o sotare liability in etion 3 Finally, etion 4 delivers Essay III that eamines the issue o oen soure sotare riing Methodologially, I use analytial tools inluding game theory and industrial organization 5

An Eonomi Analysis o the otare Market ith a isk-haring ontrat Introdution As the Internet has revolutionized the ay individuals, industry and the government ommuniate and ondut their daily business, the intensive interonnetivity has inreased the vulnerability o omuter systems onsequently, netork seurity beomes a major issue or eletroni business and ororate ommuniations To oe ith the ne risk, the omuter industry has attemted to develo ne eaons suh as irealls, enrytion tehniques, aess ontrol mehanisms, and intrusion detetion systems The ederal government has ormed the eartment o Homeland eurity, and is develoing a ational trategy to eure yber ae esite these eorts, the seurity level o omuter netorks is still lo, and the otential loss is enormous Ernst & Young s Global Inormation eurity urvey 004 shos that only 0% o the resondents strongly agreed that their organizations ereive inormation seurity as a EO level riority and that less than hal agreed that they ould ontinue business oerations in the event o a serious disrution Ernst & Young 004 The omuter eurity Institute and the Federal Bureau o Investigation reorted that total losses due to omuter rimes and omuter seurity inidents or the resondents to the 004 survey ere over 4 million U dollars Gordon et al 004 Fisk 00 argues that there are ell knon tehnial and roedural tehniques or reventing omuter system vulnerability Hoever, alying these tehniques an be resoureintensive and ill not be done ithout a suiient inentive One major reason or oor seurity is that the sotare industry is at a sub-otimal, but sel-suorting equilibrium that does not 6

suort the eorts required or sotare seurity imrovement ystem eurity tudy ommittee o the omuter iene and Teleommuniations Board TB believes that ustomers do not have good enough saeguards, both beause available otions on the seurity market seem to be ineetive and too eensive, and the value o running sae oeration is not ully areiated ational esearh ounil 99 otare users have learned to tolerate loquality sotare, enabling the vendors to be suessul ithout imroving the quality o their roduts On the vendor side, a ereived lo illingness-to-ay or seurity quality in the market together ith high develoment osts have made roduing highly seure sotare a signiiant risk lo groth o the seurity market and lo quality o sotare have been identiied as main auses o the oor state o netork seurity Yurik and oss 00 Hoever, sotare vendors have no inentive to imrove the quality o their roduts sine they are not diretly liable or any loss due to oor quality To solve this roblem, seurity eerts suggest legal liability and yber insurane as ossible solutions hneier 004, Varian 000 Unortunately, not muh researh has been done on this roblem rom an eonomi ersetive Aording to Fisher 00, some omanies are already demanding liability lauses in ontrats ith vendors, holding the vendors resonsible or any seurity breah onneted to their sotare, quoting Karl Keller, resident o I Poer In, ho says, ontratual liability is a great motivator I m enouraged that liability or vulnerabilities is entering into ontrats In this aer, e roose a risk-sharing mehanism beteen sotare vendors and ustomers as an alternative solution to imrove sotare quality With an eonomi model o the sotare market, e eamine the inentive o sotare vendors to share risk ith their ustomers and study the imat o risk-sharing on sotare quality Our model aommodates to 7

dimensions o sotare quality, hih are untionality and seurity quality, but our ous throughout the aer is seurity quality Hene e use sotare quality and seurity quality interhangeably We ind the evidene o under-rovided quality o sotare under monooly, as has been observed in the market The results sho that the soial lanner ho maimizes the beneit o the entire soiety oers a higher-quality rodut than the sotare vendor ho ursues roit We also ind that imosing more risk on the sotare vendor does not guarantee higher quality This intuition rovides insights or the otherise uneeted result that neither the soial lanner nor the monoolist has any inentive to bear the risk In elare eonomis, soial lanner is a deision maker ho ursues the best outome or all arties in the market In the real-orld sotare market, it an be the government hose goal is maimizing the sum o the sotare users beneits and the sotare vendors roit Oen soure sotare vendors an be another eamle in that the individual sotare develoers in the oen soure rojet oten ut riority on user beneit over ost Our indings are interesting in the sense that even or suh soial lanner, sharing risk ith the ustomers is not an otimal strategy, although risk-sharing mehanisms suh as arranties are idely used in other industries In the ase o ometition, a sotare vendor may have an inentive to share risk We start by eamining the ase here a ne vendor brings a rodut ith the same quality level as the established monoolist vendor ho does not ant to share any risk Unlike the monooly ase, e ind that the ne vendor has an inentive to introdue ositive risk-sharing to alleviate ometition, and that the risk-sharing level inreases ith the quality level et e etend this senario to the ase here to vendors ith roduts o the same quality an dierentiate their roduts by oering dierent levels o risk-sharing We ind that neither the high-value vendor nor the lo-value vendor has an inentive to share any risk ith ustomers In other ords, risk- 8

sharing may not at as a rodut dierentiator ithout any regulation, meaning that the government should lay a role in the sotare market as a market regulator We then eamine the oliy imliations o the roosed risk-sharing mehanism While e have shon that neither a monoolist sotare vendor nor a soial lanner ould share risk hen it is voluntary, the quality oered by a monoolist is loer than the soially otimal level We investigate hether regulation on risk-sharing level gives an inentive or quality imrovement to the monoolist Interestingly, e ind that the monoolist has an inentive to inrease the quality hen a ertain level o risk-sharing is imosed by the government Our results sho that hen seurity investment is more ost eetive, that is, imosing the same amount o money on seurity develoment revents higher loss, the government s imosing more liability on the sotare vendor leads to better outome, that is, better sotare seurity We also ontrast this inding to government subsidy Poliy makers and omuter seurity eerts have suggested that the government should oer ta inentives to businesses or sending on seurity Harmon 003 We eamine ho the government subsidy aets the quality o the sotare in a monooly We ind that a subsidizing oliy reates no inentive or the vendor to bear risk and orse, it redues the quality level Although the subsidizing oliy may lead to higher level o ustomer seurity aareness, it may make the situation orse in terms o sotare quality Finally, e disuss other ossibilities in the sotare market We irst eamine the sotare market here there eists inormation asymmetry beteen the monoolist sotare vendor and its ustomers That is, ustomers are not aable o estimating the loss due to sotare quality hile the sotare vendor has the orret eetation o the loss Unlike the monooly ase ith eret inormation, the monoolist sotare vendor has an inentive to take ull resonsibility 9

hen ustomers eretion o the loss is high Hoever, hen ustomers underestimate the loss, the monoolist sotare vendor does not ant to share any risk ith its ustomers It is onsistent ith the idely aeted seurity eerts argument that lo level o sotare users seurity aareness ontributes to the oor sotare seurity ionen 00 We then investigate hether the availability o the third arty seurity solution suh as yber insurane and seurity sotare an ut ressure on the monoolist sotare vendor to develo seurity Interestingly, e ind that the sotare vendor elomes suh third arties in the market so that ustomers manage their on seurity through suh third arty solutions In that ay, the monoolist sotare vendor does not have to invest on seurity develoment The rest o the aer is organized as ollos We resent our model in setion, and eamine the inentives to adot risk-sharing under the ases o a monoolist sotare vendor, a soial lanner, and duooly ometition in setion 3 In setion 4, e eamine oliy imliations o the risk-sharing mehanism etion 5 disusses to imortant issues regarding sotare liability: third arty solution and inormation asymmetry Finally, setion 6 onludes the aer Model We analyze a sotare vendor s deision on the quality and the risk-sharing levels, using an eonomi model o quality dierentiation Mussa and osen 978, onnen 99 There are to tyes o layers in the market: a sotare vendor and ustomers It is shon that the best strategy or the sotare vendors is to introdue their roduts as early as ossible and then to ath them later Arora et al 006 These indings are onsistent ith the enetrate-and-ath strategy hih is oten observed in the industry here entering the market early brings etra beneit to 0

the irms Anderson 00 argues that the revalene o the enetrate-and-ath strategy makes seurity develoment diiult Brady et al 999 disusses seurity develoment using the enetrate-and-ath strategy and the ay to deal ith vulnerabilities in a quantitative ay In the real orld, e observe that sotare athing is a ommon ay to deal ith sotare seurity roblems For eamle, Mirosot issues athes on an almost daily basis Eonomi Times 00 onsequently, the initial quality o sotare roduts is lo eurity eerts argue that the deets o suh sotare are eloited by maliious hakers to attak omuter systems, and that the quality o the general sotare in terms o seurity should be imroved ustomers in our model are onsidered to be irms that are likely to have higher inentive to adot seurity solutions than do individual onsumers, hose aareness o seurity in general is still lo in reality and may also have lo bargaining oer in demanding a risk-sharing lause We assume that inreasing the level o seurity quality o sotare redues the eeted loss rom yber attak in the lie-san o the rodut This is reasonable in the sense that attaks on omuters or systems ith more seure sotare are less likely to be suessul ustomer s Beneit Funtion We onsider to dimensions o sotare quality: untionality and seurity quality In a memo in January 00, Bill Gates instruted Mirosot to shit its to riority rom adding ne eatures to ensuring that sotare is seure and to sto all Windos eature develoment, and ous only on seurity imrovement Marko 00 Our model onsiders a vendor that emhasizes seurity quality given a ertain level o untionality V > 0 Throughout this aer, sotare quality denotes seurity quality, not untionality Let q be the seurity quality o the sotare rodut

here q [0, ] eurity quality measures vulnerability o the sotare to attaks at the rodut launh Bug-ree sotare an be onsidered to be o eret seurity quality, given a ertain level o untionality V Folloing the argument o seurity eerts that the initial quality o the sotare at the rodut launh matters, and that the availability o athing mehanism may orsen the situation, e ous on the initial quality in our model Let Kq be the eeted loss in the rodut lie-san hen q-quality sotare is installed under non-targeted attaks that eloit the vulnerabilities o the sotare due to imeret ode Under the roosed risk-sharing mehanism, the vendor takes some roortion o the risk, denoted by r here r [0, ] I any attak eloiting the vulnerability o the installed sotare is suessul and inurs loss, then the vendor shares the resonsibility ith its ustomers Thus, the eeted beneit o a ustomer ho urhases the sotare ith rie is E U θ [ V r K q] Kq in our model is based on a ertain eriod o time It is reasonable sine most sotare roduts are liensed to the ororate ustomers Thus, the lie-san o the sotare is onsidered to be the liensing eriod We assume that K q < 0 and K q > 0, so that the eeted loss dereases as the quality level inreases at a diminishing rate θ atures ustomer heterogeneity indiating ho muh utility a ustomer derives rom the sotare s untionality The same attak may ause more severe damage to some irms than others I θ is high, the ustomer is more sensitive to seurity eatures o the rodut, in that she enjoys more utility rom the rodut, but also suers more disutility rom a suessul attak It holds in reality that some irms are more sensitive to seurity than others For eamle, banks may be suh ustomers ith high θ We assume that θ is uniormly distributed on [0, ] ustomers ho have eeted utility greater than zero buy the sotare, hereas others do not

Vendor s Proit Funtion The sotare vendor s eeted roit is E π, q, r, q, r rk q q here, q, r is the demand or the rodut, is the rie and q reresents the initial ost or roduing sotare ith quality level q Prodution o inormation goods suh as sotare involves high initial ost but lo marginal ost In other ords, the ost o roduing the original oy is substantial hereas the ost o roduing additional oies is negligible Aording to Varian 00, this ost struture o onstant ied ost and zero marginal ost is ommon assumtion or inormation goods, but is rarely observed or hysial roduts sine there are aaity onstraints in nearly every rodution roess As a result, given the ontet o sotare rodut, the ost does not deend on quantity, that is, the marginal ost o rodution is zero We assume a onve ost untion, that is, q > 0 and q > 0, so that the ost inreases as the quality level rises at a groing rate rk q is the eeted loss, or hih the vendor is resonsible er unit o the rodut Although the variable ost o rodution is assumed to be zero, rk q lays a role o the variable ost in our model Table summarizes the notations used in the baseline model q Kq q r θ seurity quality eeted loss hen q-quality sotare is installed ied ost to rodue sotare ith seurity quality q roortion o the risk or hih the sotare vendor is resonsible sotare rie ustomer taste 3

V,q,r Funtionality demand or sotare Table otations Used in the Baseline Model 3 isk-haring Mehanisms: Inentives 3 Market Outome under Monooly The monooly ase is quite relevant to sotare industry onsider the ase o Mirosot, hih dominates the P oerating systems market eleting reality, e set u a model in the olloing ay First, the sotare vendor deides the quality level q and the risk-sharing level r, simultaneously, and then, it sets u the rie or the sotare Finally, the ustomers deide hether or not to buy the sotare based on rie, quality and the vendor s risk-sharing level emand or the sotare rodut oered by a monoolist is derived rom the eeted utility o the ustomers The demand is, q, r V r K q Then the eeted roit or the monoolist beomes E π qr,, qr,, rkq q rk q q V r K q The irst-order ondition or is E π qr,, rkq 0 V rkq V rkq and the seond-order ondition or is 4

E π qr,, < 0 V r K q Thus, solving or the irst-order ondition or yields the otimal rie that maimizes the vendor s roit as ollos: V r K q ubstituting in the sotare vendor s eeted roit untion leads to V K q E π q, r q 4 V r K q ote that r arg maπ q, r 0 sine r q V K >0 and q K >0 The irst-order ondition or q is E π q, r K q V K q r K q V K q q 0 q V rkq 4 V rkq Let M in the subsrit reresent the monoolist sotare vendor At equilibrium, e have r 0 and M K q q M M 4 The ratio an be interreted as the ost-eetiveness o seurity quality imrovement in terms o reduing the risk The larger ratio imlies that inreasing the same level o seurity quality o sotare revents more loss at loer ost The results imly that the monoolist has no inentive to voluntarily share any risk although the risk-sharing mehanism is adoted ine one vendor dominates the market in this senario, it may be satisied ith the urrent state o the market here the entire risk is on the ustomer side Without sharing any risk ith its ustomers, the sotare vendor an maimize its roit hen it dominates the market For the monoolist that already enjoys all the beneits in the monooly market, risk-sharing only hurts its roit The otimal seurity quality is hosen hen the 5

marginal beneit inrease rom loering loss due to better seurity is our times the marginal ost inrease on seurity quality This imlies that the monoolist sotare vendor maimizes its roit hen it hooses the seurity quality at hih it enjoys loss derease our times more than ost inrease Based on the untional orm, e urther analyze the quality hoie o the monoolist in the net setion 3 oial Planner s olution A soial lanner is one hose riority is to maimize the beneit o the entire soiety, not like the vendor ho ursues roit In reality, it an be a sotare vendor that tries to maimize ustomers beneit hile it maimizes its on beneit Oen soure sotare vendors an be suh eamles in the sense that they attemt to maimize user beneit and their on beneit, hih is not neessarily monetary roit The beneit o the entire soiety in the sotare market means the sum o all the ustomers beneit and the sotare vendor s roit In the eonomis literature, the soial beneit is maimized hen the rie is set u at the marginal ost, hih is rkq in our model Hene, the soial beneit an be ritten as q, r θ[ V r K q] dθ θ rk q q here θ It simliies to θ rk q V r K q V K q qr, q V r K q Proo Let X V r K q and Y rk q Then 6

q, r θ Xdθ Y X Y X This omletes roo QE X Y Y q X q V K q q V r K q ote that r arg maπ q, r 0 sine r q V K >0 and q K >0 The irst-order ondition or q is q, r K q V K q r K q V K q q 0 q V rkq V rkq Let P in the subsrit denote the soial lanner in the monooly market At equilibrium, e have r 0 and P K q q P P We ind that the neither the soial lanner nor the sotare vendor under monooly ants to share any risk ith the ustomers This imlies that sharing risk ith ustomers may be less ost-eiient than inreasing sotare seurity to ahieve their goals: maimizing roit or soial elare We inlude the soial lanner ase to omare the monoolist sotare vendor s seurity quality ith the soially desirable level o seurity quality omarison o the otimal quality levels by the sotare vendor and the soial lanner leads to the olloing roosition Proosition : In a sotare market ith a risk-sharing mehanism, neither the monoolist nor the soial lanner is illing to share any risk Hoever, the soial lanner oers a higherquality rodut than the monoolist Proo eall that K q q M M 4 and K q q P P K q enote F hoing that F is an q inreasing untion o q omletes the roo 7

F q K q K q q q K q K q q q q K q q ote that q > 0, q > 0, K q < 0 and K q > 0 by assumtion Thus, K q < 0 q and K q q < 0 < K q q F Thus, e have > 0, hih imlies that F is an inreasing untion o q Thereore, q q P qm > QE This is interesting in the sense that neither the soial lanner nor the monoolist has any inentive to bear the risk While it seems surrising that the soial lanner ill not share any risk, this is atually a result o otimal resoure alloation The soially otimal outome is arrived at hen the soial lanner alloates all resoures to develo better quality rather than to share risk eall that the ost o roduing additional oies o inormation goods suh as sotare is negligible In other ords, the marginal ost o rodution is near zero Hoever hen the sotare vendor shares any risk ith its ustomers, it aes the eeted loss or eah oy sold Thus, although the marginal ost o rodution is zero, the ost o selling additional oy is ruial in the ase o risk-sharing ote that sharing no risk allos the soial lanner to ae zero marginal ost and to over the entire market The soial lanner is let ith no resoure to share the loss hen it serves the entire market by oering a rie at marginal ost Thus, it turns out that even the soial lanner does not ant to share any risk Interestingly, e ind that the ators that inrease the risk-sharing level do not alays result in higher quality Proosition rovides evidene o under-rovided quality o sotare under monooly, as has been observed in the market Figure illustrates the relationshi beteen the quality o a monoolist and a soial lanner 8

Monoolist versus oial Planner q Loss ost Kq 0 qm qs Quality Figure Equilibrium Quality o the Monoolist and the oial Planner We net eamine the inentive to share risk hen there is ometition in the market 33 ometition Inumbent and Entrant ith the ame Quality otare Produt We irst study the ase o a duooly market here a ne vendor brings the same-quality sotare rodut as the established vendor In this senario, there are an established monoolist vendor that has no inentive to share the risk and a ne vendor that enters the market bringing the same-quality sotare rodut as the inumbent in terms o untionality and seurity quality We all the established vendor an inumbent and the ne vendor an entrant We investigate hether the entrant has an inentive to share any risk to be ometitive against the inumbent hen it is not easy or the ne vendor to rodue better-quality sotare due to various reasons suh as tehnologial barrier We are also interested in the level o risk-sharing oered by the entrant i any In this ase, the entrant hooses its otimal risk-sharing level irst Then both the inumbent and the entrant set u their on ries simultaneously Finally, ustomers deide 9

hether to buy rom the inumbent or the entrant or neither Let I in the subsrit denote the inumbent and E reresent the entrant Table shos the notations used in the model or the inumbent and the entrant senario Other arameters stay the same as in the baseline model elained in Table q seurity quality rovided by both the inumbent and the entrant K q eeted loss hen sotare is installed q ied ost to rodue sotare I rie or inumbent s sotare rodut E rie or entrant s sotare rodut v I total value oered to a ustomer by inumbent s sotare V K q v E total value oered to a ustomer by inumbent s sotare V r K q Table otations Used in the ometition Model The eeted utility oered by the inumbent is EU θ[ VK q] imilarly, the eeted utility oered by the entrant is I EU θ[ V r K q] E In order to derive the demand untion or both vendors, e resume that ustomers an hoose buying rom the inumbent, the entrant or neither eall that v is the total value oered to the ustomer That is, v V K q and v V r K q v is the net beneit that the I E sotare rovides, hih is, the sotare untionality that a ustomer enjoys minus the I E 0

ustomer-side risk ine ustomers are heterogeneous in their valuation and loss, they ereive the value dierently as atured in our taste arameter θ The ustomers ill buy rom the entrant hen I I E E v v θ θ and they ill buy rom the inumbent hen and > 0 > I I E E I I v v v θ θ θ The demands or both irms an be derived rom the above onditions and I I I E I E I I E I E E v v v v v The eeted roits are and E I E I I E E I I E I E I I E rk q q Eπ q v v v v v π The irst order onditions or I E and are 0 and 0 I I I E I I E E I I I E I I E E E E v v v v v E v v v v E π π olving the irst order onditions I E and gives the otimal ries harged by both vendors: 4 and 4 4 I E I E I I I E I E E E v v v v v v v v v v ubstituting and I E in the eeted roit untions yields 4 3 3 q q rk q K V q rk q K V q q rk v v r E E I E I E E π The irst order ondition or r is 0 4 3 3 8 4 3 3 3 q rk q K V q rk q K V q rk q K V q K q K V r r E E π

Arranging the irst order ondition shon above leads to the otimal risk-sharing level: r 3 V K q 4K q ote that r 3K q 3 V K q 3K q K q V q 4K q 4K q 4K q r ine V > 0, K q > 0, and K q < 0, e have > 0 q The analysis that e ent through leads to the olloing roosition Proosition : In the resene o ometition, the entrant oering the same quality sotare as the inumbent sharing no risk has an inentive to introdue ositive risk-sharing to alleviate ometition Moreover, as the quality level inreases, the risk-sharing level also inreases In ontrast to the monoolist and the soial lanner, the entrant in this senario has an inentive to share the risk ith its ustomers When the market is dominated by a single sotare vendor, ustomers may have to be more ontent ith the rodut sine they have only to otions: buy the sotare rom the monoolist or not buy any But i ometition omes into lay, ustomers ae more otions, imlying that they an hoose rom either the inumbent or the entrant In order to omete against an established inumbent vendor, the entrant may need to give more value to the ustomers to attrat them Our results sho that the entrant has an inentive to share ositive risk ith the ustomers as a ay to survive the ometition against an inumbent hen both rovide the same quality sotare rodut It ollos that the risk-sharing level inreases ith the quality level This result is quite interesting in the sense that ithout the risk-sharing mehanism, the entrant may have less inentive to enter the market beause its entry may trigger intensive rie ometition Hoever, ith the risk-sharing mehanism, the entrant

an use risk-sharing to alleviate the rie ometition and to be ometitive against the inumbent Interestingly, e ind that the entrant s otimal risk-sharing level inreases as the quality level inreases Thus, ustomers may use the entrant s risk-sharing level as a roy o the quality level given in the market In reality, it is not easy or the ustomers to evaluate quality beore using it, eseially hen the rodut is tehnology-intensive ustomers realize the quality o suh roduts ater using them Thus, ustomers use a roy or the rodut quality in many ases For eamle, rie an be a good roy in the sense that ustomers eet more eensive rodut to have higher quality The brand name o the vendor is another ossibility It is oten hard or the vendor ith eak reutation to make ustomers areiate its high rodut quality Our results sho that a risk-sharing mehanism gives an oortunity to suh vendors sine ustomers evaluate the quality by observing the risk-sharing level We an easily ind an eamle in the automobile industry When KIA entered the U automobile market, it suered rom eak reutation and ustomers did not trust the quality o KIA ars By adoting a 0-year arranty, KIA as able to rojet the quality o its roduts by shoing its onidene The 0-year arranty turned out to be an eetive strategy in terms o inreasing reutation as ell as market share uooly ometition ith ame Quality but ierent isk-haring This senario serves as an etended ase to the revious one In this senario, to vendors omete against eah other ith roduts o the same quality and they are alloed to dierentiate their roduts by oering dierent levels o risk-sharing That is, one vendor shares higher risk ith its ustomers than the other In this senario, both vendors deide the risksharing level given a ertain level o quality Then, they hoose the otimal ries Finally, 3

ustomers make their urhasing deisions We label the vendor sharing high risk, hene oering high value to ustomers, as an H vendor and denote the other vendor sharing lo risk, hene oering lo value to ustomers, as an L vendor Then the total value oered to the ustomer is v H V rh K q and vl V rl K q here rh rl ase : Both vendors share the same level o risk r r In this ase, both vendors ae the same otimization roblem Let in the subsrit denote this symmetri ase The eeted roit or eah vendor beomes E π rk q q V r K q It an be readily veriied that H V r K q L ubstituting in the eeted roit untion yields V K q E π q 8 V r K q Thus, r arg ma E π r 0 When to vendors share the same level o risk, no risksharing is otimal or both vendors The roit or eah vendor is as ollos: V K q E π q 8 ase : Both vendors oer dierent levels o risk-sharing r > r Folloing the same logi as in the inumbent and the entrant senario leads to the olloing eeted roit untions: H L 4

H L E π H H rhk q q vh vl H L L E π L L rlk q q vh vl vl It an be veriied that the interior solution or the risk-sharing level does not eist Thus, e eamine the ase here the solution is a boundary one ine e assume that r > r in this H L senario, r annot be Thereore, one last ossibility is r arg ma E π 0 Then e ind L L L the best resonse o the high-tye vendor ubstituting r L in Eπ H r H yields r H 3 V K q 4K q Then the high-value vendor and the lo-value vendor eet the olloing roit: V K q E π H q 48 7 V K q E π L q 48 ote that the otimal strategy or the lo-value vendor is alays sharing no risk no matter hether the ometing vendor ants to dierentiate its risk-sharing level rom the lo-value vendor so that it an beome the high-value vendor or not In other ords, hen a sotare vendor ereives that the ometing vendor is aable o roduing same quality sotare rodut and sharing higher risk ith its ustomers, the sotare vendor is better o sharing no risk ith its ustomers The high-value vendor shares no risk hen it is alloed to oer the same Otimal ries or both the high-value and the lo-value vendors an be obtained Plugging and in the eeted roit untions lead to the untions o rh and r L o losed orm solutions or rh and rl are obtainable to maimize Eπ r and Eπ r H H L L H L 5

level o risk-sharing as the lo-value vendor When both vendors dierentiate their risk-sharing levels, the high-value vendor shares a ositive level o risk The inentive or the high-value vendor to oer ositive risk-sharing is deided by the roit omarison ote that V K q V K q E π q > E π H q 8 48 ine the high-value vendor makes higher roit in ase than in ase, the otimal strategy is sharing no risk ith the ustomers as the lo-value vendor does The olloing Proosition summarizes the results Proosition 3: In the resene o ometition here to vendors oer same-quality sotare, sharing no risk is the otimal hoie or both irms r r 0 Proosition 3 shos that risk-sharing may not at as a rodut dierentiator in the sotare industry When e eamine the ase here a ne vendor enters a market ith an established vendor, e ind that the ne vendor has an inentive to share the risk to omete ith the established vendor that shares no risk, hene ahieving higher roit The result imlies that there eists a irst-mover advantage in the sotare market In other ords, a vendor gains advantage by being irst to the sotare market ith a ne rodut or servie In this setion, e eamine the ase here both vendors make deision simultaneously We ind that neither the high-value vendor nor the lo-value vendor ants to share any risk Although ustomers may be better o ith a risk-sharing mehanism, the vendors do not ant to share any risk even in this ometition senario This result is onsistent ith the monooly ase in the sense that risksharing is a risky hoie or the sotare vendors sine it imoses high ost on them but ustomers do not areiate it muh o, unless a sotare vendor has high inentive to dierentiate its sotare rodut rom its ometitor as disussed in the inumbent and the H L 6

entrant senario, sotare vendors do not have any inentive to voluntarily share risk ith their ustomers The roblem o the sotare market is that vendors do not ant to rodue sotare ith high quality We ind that the vendors ill not voluntarily share any risk ith ustomers unlike many other industries One o the ators that dierentiate inormation goods rom other hysial goods is the ost struture Prodution o inormation goods suh as sotare involves high initial ost suh as innovation ost but lo marginal ost That is, the ied ost suh as investment on innovation is substantial hile the ost o making additional oies is insigniiant Our model atures the ied ost, that is, the innovation ost or the sotare ith quality level q by qand e assume zero marginal ost o rodution This kind o ost struture might lead to results that the sotare vendors do not ant to share risk ith their ustomers unlike other industries or hysial goods suh as the automobile industry and eletronis industry In the sotare industry, vendors ereive the ied ost q as the main ost ator hile they do not take the marginal ost seriously Hoever, risk-sharing ith eah o the ustomers inurs signiiant eeted ost rk q or eah o the oies that the sotare vendor sells In the resene o risk-sharing, sotare vendors ae both substantial ied ost and marginal ost, hih is not ommon or inormation goods Thus, sharing risk ith ustomers is not a leasant business to the sotare vendor that already bears high innovation ost eseially hen the sotare vendor dominates the market In the net setion, e eamine the oliy-oriented aroah to this roblem We investigate hether a ertain tye o government oliy suh as regulation on risk-sharing and subsidy to the ustomers is an eetive ay to solve the roblem o underrovided sotare seurity 7

4 Poliy Imliations In the monooly senario, e sho that neither a monoolist sotare vendor nor a soial lanner ould share risk hen it is voluntary and that the quality oered by a monoolist is muh loer than the soially otimal level This inding is onsistent ith the eonomis literature in that rodut harateristis suh as rodut quality are not otimally set under regimes o monooly For eamle, ene 975 argues that unregulated monoolist s seletion o rodut harateristis is likely to be biased aay rom the soial otimum, hih turns out to be true in the sotare market aording to our indings As a ossible solution to the roblem o this underrovided sotare seurity, legal liability on sotare vendors has been disussed among omuter sientists, sotare engineers, and seurity eerts Fisk 00 argues that only legal and eonomi systems suh as liability have the otential to hange the status o oor netork seurity yan 003 also argues that sotare vendors should be liable or any deets o their roduts under government regulation hneier 006 disusses the right orm o ederal regulation and argues that imosing liability on the sotare vendors is more eetive than requiring individual users to seure themselves Other oliy-oriented aroahes to imrove sotare seurity inlude government subsidy to sotare users, hih is ontroversial at resent The logi behind this at is that the sotare users reer untionality to seurity in the urrent state Hoever, i e allo users to have higher budget, they may be more illing to ay or seurity Aademi researhers have ound that under ertain irumstanes, a subsidy oliy is eetive For eamle, August and Tuna 006 argue that a subsidy on athing is desirable hen seurity risk and athing ost are high In this setion, e irst eamine the eetiveness o one orm o government regulation, hih is regulation on the risk-sharing level That is, hen loss ours rom a yberattak hih 8

eloits a vulnerability o the sotare, the sotare vendor is ored to be resonsible or a ertain roortion o the loss We investigate hether suh regulation on risk-sharing gives a monoolist sotare vendor any inentive to imrove seurity quality o its sotare rodut Then e disuss the eetiveness o government subsidy in the ontet o the sotare market We investigate hether subsidizing sotare users in order to give them inentives to send more or seurity is an eetive oliy in terms o imroving seurity quality o the sotare rodut We disuss the eetiveness o government subsidy in the ontet o the sotare market 4 egulation on isk-haring We irst investigate hether the ederal regulation on risk-sharing reates an inentive or the monoolist to inrease quality This is a oliy that diretly regulates the sotare vendor that dominates the market ithout any ometitor In order to derive more eonomially interretable results and to illustrate our indings, e assume the eeted loss and the ost to be quadrati untions o seurity quality In that ay, e still kee the onveity o the ost untion and the onveity o the eeted loss untion, hih e assumed or our baseline senario Quadrati untions or ost and utility are oten used in the literature o inormation systems suh as in Jones and Mendelson 998, undararajan 004 and Telang et al 004 esite its less generalizability than the general onve untion, the quadrati untion is oten used in eonomis, both theoretial and alied sine it allos meaningul interretability o the results ithout loss o too muh generalizability The eeted loss untion and the ost untion are as ollos: 9

K q V q, V q q, > 0 > 0 ote that V is the untionality o the sotare as deined earlier uose that the government imoses regulation on risk-sharing As disussed earlier, imosing liability on the sotare vendors under the legal system has been identiied as an eetive solution to the roblem o underrovided seurity o sotare roduts We eamine the eetiveness o one orm o suh legal liability mehanisms, hih is government regulation on the risk-sharing level Under this mehanism, sotare vendors are ored to be resonsible or a ertain roortion o the loss hih inurs due to the vulnerabilities o their sotare roduts Let r be the risksharing level the government ores the sotare vendor to be resonsible or The eeted roit or the monoolist is E π q, r V K q q 4 V r K q Given r, the irst-order ondition or q is Thus, e have E π q, r q K q V K q r K q V K q V r K q 4 V r K q q 0 K q VKq V Kq rv Kq q V rkq { } 4 0 V q q q q r q r q { } 4 { } 0 Further derivation leads to the olloing Proosition Proosition 4: When the government imoses risk-sharing beteen 0 and r here r 56 V V 8, the monoolist inreases the quality o the rodut As the seurity quality imrovement is more ost-eetive, that is, investing the same amount o money on seurity 30

develoment revents higher loss V, government an imose more liability on the sotare vendor to give an inentive or seurity quality imrovement Proo ote that the eeted roit is maimized at q hih satisies V q q q q r q r q { } 4 { } 0 olving the above equation or r yields 4 3 { q V 8 q V 4 V V q 4V q 8V V q 8V V q 4V } q r 3 8 q q 4 3 r { q V 8 q V 4 V V q 4V q 8V V q 8V V q 4V } 3 8 q enote q M be the monoolist s equilibrium quality hen there is no regulation Then r q 0 M q V 8 q V 4 V V q 4V q 8 V V q 8 V V q 4 V 4 3 M M M M M M q 8 4 4 q M Thus, r q M 3 { qm V qm V V} M olving or the otimal quality o the monoolist yields Thus, K qm V 4 qm q V 4 M V V 4 V V r q M V 8 V 4 V 3 V V 4 V 4 4 V 4 V V 8 56 Let V 8, then r Thus e have 56 3

r 64 4 8 > 0 Thus, r inreases as V inreases QE The results sho the otimal level o regulation on risk-sharing that reates an inentive or the monoolist to inrease quality Intuitively, as the roortion o the eeted loss to the ost or seurity quality develoment beomes higher, the admissible range o risk-sharing levels that lead to higher quality beomes ider In other ords, hen the seurity develoment is more ost-eetive, that is, investing the same amount o money on the seurity develoment brings higher beneit in terms o reventing higher loss, it is desirable to imose higher liability on the sotare vendor so that it an imrove the seurity level o its sotare rodut onsistent ith hat has been argued by seurity eerts Fisk 00, yan 003, hneier 006, our indings suort that sotare liability as a regulation under the legal system is an eetive inentive mehanism or sotare seurity imrovement Hoever, imosing too muh risk-sharing on the monoolist may make the situation orse by making the monoolist redue seurity quality This may disourage the sotare vendor by inurring too muh ost Our indings may give oliy makers a starting oint hen they ant to regulate the monoolized sotare market In the sotare market that e study throughout the aer, the sotare vendor s onern is seurity quality develoment or the sotare rodut or hih untionality develoment is already done For eamle, in early 00, Mirosot oused on seurity develoment ithout adding ne eatures to its Windos rodut Our results may aly to the sotare market or suh sotare roduts There is a debate going on the issue o legal liability An oosite vie is that regulating sotare industry may imede innovation Hekman 003 Figure illustrates ho quality hanges as the government imoses dierent 3

levels o risk-sharing on the monoolist It has a oliy imliation that regulation on risksharing may be a good ay or quality imrovement but imosing too muh risk-sharing on the monoolist may make the situation even orse 04 035 v, qm 03 Quality 05 0 Quality 05 0 v, 005 v, 0 0 0 0 03 04 05 06 07 08 09 isk-sharing v, 0 0 0 0 03 04 05 06 07 08 09 isk-sharing v, qm Quality Quality 0 0 0 0 03 04 05 06 07 08 09 isk-sharing qm 0 0 0 0 03 04 05 06 07 08 09 isk-sharing Figure Monooly under egulation We net eamine government subsidy oliy 4 ubsidy or ustomers Proosals or government ation being disussed by oliy makers and omuter seurity eerts inlude oering ta inentives to businesses or sending on seurity Harmon 003 In the urrent state o the sotare market, sotare users are more about untionality o the sotare than seurity quality Government s subsidy to ustomers has been roosed as a ossible 33

solution to the roblem o oor sotare seurity Hoever, some eerts do not agree uon this roosal For eamle, Orszag 004 argues that roviding a ta subsidy to irms or seurity osts ould not be omelling enough to enourage the desirable level o seurity In this setion, e eamine ho the government subsidy to ustomers or sending seurity aets the quality level o the sotare under monooly onsider a senario under hih ustomers get subsidy suh as ta inentives hen they buy the sotare rodut Let s be the subsidy or eah ustomer ho makes a urhase o the sotare Then the eeted utility o the ustomer is EU θ[ V r K q] s The demand derived rom the above eeted utility is, q, r V s r K q A monoolist vendor s eeted roit is then E π qr,, qr,, rkq q s rk q q V r K q At equilibrium, e have r 0 and q s K q 4 4 V K q Analyzing the above ondition leads to the olloing roosition Proosition 5: In the sotare market, the monoolist redues the seurity quality o its sotare rodut hen the government subsidizes the ustomers In terms o quality imrovement, government s subsidizing oliy makes the roblem orse in the monooly ase Proo Let q be the otimal quality o the monoolist ithout subsidy and q be the otimal 34

quality o the monoolist ith subsidy Then e have q K q 4 q s and K q 4 4 V K q Thus, q K q q K q 4 V s K q > 0 In the roo o roosition, e have shon that K q q is inreasing in q, that is, q K q is dereasing in q Thereore, q > q QE Interestingly, e ind that the government subsidy oliy reates no inentive or the vendor to bear the risk and orse, it redues the quality level Lo quality o available otions in the sotare market has been identiied as the main ause o oor seurity by seurity eerts ational esearh ounil 99 Although the subsidy oliy may motivate ustomers to buy the sotare, it may make the situation orse beause the roblem is still on the vendor side Our indings imly that subsidizing the ustomers may not ork eetively ather, inding a ay to enalize the vendor that rodues lo-quality roduts may be a more eetive oliy to make the sotare seure otare liability under government ontrol is one ay to enalize suh sotare vendors ho have not been resonsible or any loss due to the vulnerabilities o their lo-quality roduts in the urrent sotare market We onsider government regulation on risksharing as a ay to imose liability on the sotare vendor and eamine the eetiveness o suh mehanism under monooly setting Our results sho that regulation on risk-sharing level as a ay to enalize sotare vendors orks better than the subsidy oliy in terms o quality imrovement It imlies that government should diretly enalize the monoolist ho rodues lo-quality rodut rather than giving more inentive to the ustomer or sending on seurity 35

5 isussion 5 Inormation Asymmetry In reality, evaluating the likelihood o being attaked by hakers due to sotare vulnerability is not an easy task or sotare users hile sotare vendors have some eertise o rediting suh likelihood In other ords, there eists inormation asymmetry beteen the sotare vendor and its ustomers in the sense that ustomers may not be ell inormed about the ossible loss due to sotare vulnerability In the lassial eonomi theory, ene 977 argues that imosing liability on the roduer is an eetive strategy to ahieve soially otimal quality in the resene o inormation asymmetry, meaning that buyers are misinormed about the rodut harateristis suh as quality In this setion, e investigate hether this eonomi theory holds in the ontet o sotare seurity That is, e eamine the easibility and eetiveness o the risk-sharing mehanism hen there eists inormation asymmetry beteen a monoolist sotare vendor and its ustomers In setion 3, e sho that the risk-sharing mehanism is not easible in the monooly sotare market ith eret inormation Our key question in this setion is hether the miseretion o ustomers about the robability o suessul attak due to sotare vulnerability allos the viability o the risk-sharing mehanism in the monooly sotare market We also eamine the monoolist sotare vendor s inentive or seurity develoment ith reset to the level o inormation asymmetry eall that Kqis the eeted loss hen the seurity quality o sotare is q That is, Kq PqL here Pq is the robability o suessul attak and L is the loss hih inurs in ase o suessul attak uose that ustomers are not able to orretly eet the loss hile the monoolist sotare vendor is Let λ q denote the ustomer s eretion o the robability o suessul attak Pq and q be the ustomer s eretion o the eeted 36

loss Kq That is, q λ q L We onsider this inormation asymmetry by modeling the disreany beteen Kq and q A in the subsrit denotes the ase o inormation asymmetry When the risk-sharing mehanism is available in the resene o inormation asymmetry, a ustomer ho buys the sotare enjoys utility: EU θ V rq A Then the demand or the sotare is A, q, r V r q The eeted roit or the monoolist beomes The irst-order ondition or is and the seond-order ondition or is E π A qr,, A qr,, rkq q rk q q V r q E π A qr,, rk q 0 V r q V r q E π A qr,, < 0 V r q Thus, solving or the irst-order ondition yields the otimal rie: V r q rk q A The eeted roit at the otimal rie is then 37

rk q E π A q, r V r q rk q rk q q V r q rk q V r q rk q q 4 V r q V r q rk q 4 V r q q We no investigate hether the monoolist sotare vendor has any inentive to share risk ith its ustomers ote that the roit maimization roblem ith reset to the risk-sharing level has a boundary solution sine the seond order ondition is ositive E π A q, r > 0 r omarison o the eeted roits at the ull and the zero levels o risk-sharing leads to onditions under hih either boundary solution is otimal The eeted roits are V K q E π A q, r q and 4 V E π A qr, 0 Vq q ote that 4 Kq E π A q, r > E π A q, r 0 hen q > Kq, imlying that ull risk-sharing is V the otimal hoie o the sotare vendor Otherise, E π q, r < E π q, r 0 The results are summarized in Proosition 6 Proosition 6: In the resene o inormation asymmetry, the monoolist sotare vendor has inentive to ully share the risk ith its ustomers i the ustomers overestimate the risk Kq q > Kq I the ustomers level o risk eretion is not high enough V Kq q < Kq, the monoolist sotare vendor does not ant to share any risk V Proosition 6 imlies that unlike the ase o monooly market ith eret inormation, the monoolist sotare vendor has inentive to share ositive risk ith its ustomers hen the level o ustomers eretion o the risk is high This is interesting beause ustomers miseretion A A 38

o the risk allos the viability o the risk-sharing mehanism, hih is not aeted by not only the monoolist sotare vendor but also the soial lanner in the monooly market ith eret inormation I e vie this risk-sharing mehanism as a orm o regulation though it is voluntary and market-driven, our inding is somehat onsistent ith the lassial eonomi theory in the sense that the monooly market may need regulation to ahieve soial otimum We also ind that the monoolist sotare vendor does not ant to share any risk hen the level o ustomers risk eretion is not large enough The result imlies that the real orld sotare vendors unillingness to share the risk ith their ustomers may be elained by the ustomers under-areiation o the risk assoiated ith sotare seurity Our inding justiies seurity eerts vie that lo level o sotare users seurity aareness ontributes to the oor sotare seurity ionen 00 5 Third Party olution eurity eerts and oliy makers suggest sotare liability as one ossible solution to the roblem o oor sotare seurity In this aer, e roose a risk-sharing ontrat as one ay to imose liability on sotare vendors and investigate hether the voluntary and market-driven risk-sharing mehanism gives sotare vendors inentive to make their sotare roduts more seure In the real-orld sotare market, other ays to deal ith the sotare seurity roblem may eist Eamles inlude yber insurane oered by the insurane omanies and seurity sotare rovided by third arty sotare vendors In the urrent state, the market or yber insurane is not yet mature omared to other insurane markets suh as health insurane and auto insurane Insurane omanies an be a market lever to enourage sound seurity by setting u standards or best raties, alying 39

ressure on irms to redue insurane remiums, and roviding inentives or sotare omanies to oer seure roduts Hoever, the vitims o omuter mishas are relutant to make their inormation ubli by reorting to a third arty suh as an insurane omany The insurane omanies are still relutant to get involved in the sotare industry due to unertainty, lak o adequate statistis and tehnologial hanges, although some omanies suh as aeare, Amerian Insurane Grou, and Zurih are oering oliies ranging rom hardare relaement to inormation-asset rotetion on a limited basis eurity sotare suh as antivirus sotare an be another eamle otare users ho are about seurity and do not trust the quality o the out-o-the-bo sotare roduts oten manage their system using suh seurity sotare By having suh shield, users ant to minimize the loss due to vulnerabilities o other sotare that they have on their system ertainly, the seurity sotare based system rotetion is on the ustomers on eense Though suh third arty solutions may have great otential as eetive mehanisms to ahieve better sotare seurity, the undamental issue is that the risk assoiated ith oor sotare seurity is entirely on the ustomer, not on the sotare vendor ho reates the soure o the roblem It has been intensely disussed or a deade that sotare vendors are the ones ho an best understand the risk assoiated ith their sotare roduts and best ontrol the roblem by roviding better seurity quality at the introdution o their sotare roduts yber insurane is undamentally dierent rom other insuranes suh as health and auto insurane in the sense that yber risk is aused by the negligene o sotare vendors and it an be signiiantly imroved i they ant to do so egarding the automobile industry, most aidents do not our due to the maluntion o automobiles The logi o industry eerts ho hamion sotare liability is simle in that oor sotare seurity is an inentive roblem hih an be 40

imroved i e give sotare vendors suh inentive or seurity develoment o ar, e sho that under ertain onditions, the risk-sharing mehanism is eetive in motivating sotare vendors seurity imrovement Our ous in this setion is to investigate hether the availability o suh third arty solutions gives the sotare vendor any inentive or seurity imrovement When third arty solutions are available, the sotare vendor may still avoid being liable or any loss due to oor seurity o their roduts sine they may kee roviding oor seurity sotare and ustomers go ind third arty solution on their on eense Though there are numerous ators e need to onsider the imat o the third arty solutions on the urrent regime, e aim to model the ore ators to anser the key question uose that there eists a third arty hih rovides ustomers a solution to seurity roblem hih ours due to sotare vulnerability For eamle, it an be an insurane omany that oers ull overage or seurity sotare that revents any loss due to vulnerability o sotare that the ustomer has ertainly, there eists signiiant dierene beteen the to eamles In this disussion setion, e do not seiially model eah ase ather, e aim to ature the ore imat o suh third arty solution on sotare seurity enote T be the eense that arues to a ustomer ho adots suh third arty solution T an be the insurane remium or rie o seurity sotare We assume that suh third arties observe the sotare market beore they enter the market, and they have the ability or tehnology to oer their servie or sotare rodut at the rie belo the eeted loss at the otimal quality level oered by a monoolist sotare vendor ithout sharing any risk I a ustomer ould adot a third arty solution, the loss ould be taken are o Let q M be the otimal seurity quality in a monooly market ithout a third arty solution Our assumtion imlies that T K q M <, hih is realisti in the sense that the ustomers do not ant any third arty solution 4

and rather bear the loss i it inurs higher ost than the eeted loss We investigate hether the sotare vendor has an inentive to inrease seurity quality hen a third arty solution is available onsider a monooly sotare market ithout sotare liability and ith third arty solutions T in the subsrit reresents the ase here ustomers hoose a third arty solution and T denotes the ase here they do not adot third arty solution ote that a ustomer enjoys utility rom buying sotare and adoting third arty solution as EU θ VT I a ustomer adots sotare and bears the eeted loss, then the utility beomes EU θ VK q A ustomer adots the third arty solution T i EU > EU, that is, T < K q Thus, the sotare vendor has to hoies First, the T T sotare vendor rovides lo seurity quality so that T < K q and let ustomers get aid rom third arties eond, by oering high seurity quality suh that T > K q, the sotare vendor makes the third arty solution not attrative to the ustomers and let the ustomers bear the risk themselves uose that the sotare vendor ants the ustomer to use a third arty solution Then ustomers should ae higher eeted loss than the rie or the third arty solution T < K q Thus the demand or the sotare is T V T The eeted roit or the monoolist sotare vendor beomes E πt T q q V T E πt The irst-order ondition or is 0 Thus, solving or the irst V T V T T 4

V T order ondition yields the otimal rie, T Then the eeted roit at the otimal V T rie is E πt q Thus, E π T is maimized hen q 4 is minimized Or, q 0 T eall that T K q M < Thus, < and K q 0 T < K q < K q Thereore, the M T 0 sotare vendor s hoie o zero seurity quality let the ustomers get hel rom third arties V T hen they are available In this ase, the sotare vendor s eeted roit is E πt 4 onsider the ase here the sotare vendor does not ant a third arty to get involved and lets the ustomer bear all the risk In this ase, the sotare vendor rovides high seurity quality so that the eeted loss does not eeed the rie or the third arty solution T > K q Let qt be the seurity quality that the sotare vendor rovides ine Kq < T< Kq and T M K q < 0, the sotare vendor should imrove seurity quality rom the otimal level in the monooly market ithout any third arty solution qt qm > Then the demand or the sotare is T V K q The eeted roit or the monoolist sotare vendor beomes E π T T q q q V K q E π T The irst-order ondition or is 0 V K q Thus, solving or the irst order ondition yields the otimal rie, V K q T Then the eeted roit at the otimal rie is V K q E πt q The irst order ondition is 4 E π T K q q 0 q 4 The seond order ondition is E π T K q q < 0 q 4 sine K q > 0and q > 0 43

ote that q M is the monoolist s otimal quality, meaning that K qm qm 0 and 4 E π T is dereasing in qt hen q T > q Thus, at the limit, the otimal seurity quality is one M suh that q T suh that Kq T T Thus, the eeted roit at the otimal rie is V K qt V T T T T E π q q 4 4 ote that V T V T E πt E πt q T q T > 0 The sotare vendor is 4 4 better o having the third arty solution in the market sine it enjoys a higher roit hen ustomers get aid rom a third arty Thus, the otimal hoie o the sotare vendor is not investing any on seurity develoment q q T 0 and let ustomers manage their seurity ith third arty solutions Interestingly, the monoolist sotare vendor ants the third arty to hel ustomers manage their seurity roblem hih ours due to the vulnerability o its sotare rodut so that the monoolist an avoid any ost or seurity imrovement I the industry or yber insurane gets mature, this may solve the roblem eventually in a ay that the insurane hels ustomers ho have sotare rom the sotare vendor ith oor reutation Unortunately, in the urrent state, the yber insurane industry is quite ne ith a small number o roviders By modeling a stati game, our model atures the urrent state o the sotare market ith suh third arty seurity solutions onsistent ith the argument o seurity eerts ho hamion sotare liability, our result shos that the sotare seurity does not get better in the resene o the third arty solutions, ith hih the ost is still imosed on the ustomer side 44

6 onlusion To enhane the oor state o netork seurity, one needs to solve the undamental roblem: giving sotare vendors an inentive to inrease the quality o their roduts As a ossible solution, sotare liability has been disussed or years among sotare engineers, jurists, and oliy makers In this aer, e roose a risk-sharing mehanism as a market-driven method to imose sotare liability, and analyze the sotare market ith the roosed mehanism under various senarios We resent an eonomi model o the sotare market, hih onsiders the strategi interlay o risk-sharing and quality We irst omare the monoolist s and the soial lanner s solutions Our results give evidene o under-rovided sotare quality under monooly, as has been observed in the market We ind that the soial lanner ho maimizes soial surlus oers higher-quality rodut than the monoolist and that neither the soial lanner nor the monoolist has any inentive to bear the risk This is interesting in the sense that even or the soial lanner, sharing risk ith the ustomers is not otimal at equilibrium although risk-sharing mehanisms suh as arranties are idely used in other industries This an be elained by the intuition that risk-sharing and quality are not strategi omlements We etend the model to duooly ometition In the ase here the entrant brings a rodut o the same quality as the inumbent ho does not ant to share any risk, e ind that the entrant has an inentive to introdue ositive risk-sharing to alleviate ometition and that the risk-sharing level inreases as the quality level inreases Hoever, in the resene o ometition here to vendors an dierentiate their roduts not by quality but by risk-sharing, neither the high-value vendor nor the lo-value vendor has an inentive to share the risk ith ustomers, imlying that the government should get involved in the sotare market as a market regulator 45

We eamine ho dierent orms o government oliy aet sotare quality under monooly First, e investigate hether regulation on risk-sharing reates an inentive or the monoolist to inrease quality Our indings sho that a ertain level o regulation on risksharing leads to higher quality, and it beomes more eetive as the eeted loss beomes higher omared to the ost or quality imrovement Then, e analyze the sotare market here the government subsidizes ustomers ho buy the sotare Unlike the redition o ratitioners, e ind that government subsidy oliy reates no inentive or the monoolist to bear the risk and even redues the quality level This result imlies that the government should adot the oliy to diretly enalize the monoolist that rodues lo-quality sotare rather than subsidizing the ustomers We disuss other ossibilities in the sotare market: inormation asymmetry and third arty solutions We eamine the sotare market here there eists inormation asymmetry beteen the monoolist sotare vendor and its ustomers We ind that the monoolist sotare vendor has an inentive to share ositive risk ith its ustomers hen the level o ustomers risk eretion is high Otherise, the monoolist sotare vendor does not ant to share any risk ith its ustomers As ointed out by seurity eerts, our result shos that a lo level o ustomers seurity aareness ontributes to oor sotare seurity We then eamine the imat o third arty solutions on sotare seurity and ind that the sotare vendor does not ant to send on seurity develoment hen third arty seurity solutions are available to ustomers otare liability has been an imortant issue among sotare develoers and oliy makers evertheless, no eetive liability-imosing mehanism has been ound yet We roose a risksharing mehanism as a ossible solution Our researh ontributes to the literature in the 46

olloing ays First, e rovide an eonomi rameork or analyzing a seurity issue here little researh has dealt ith the roblem o the sotare market rom an eonomi ersetive although the ossible solution to this roblem is eonomi rather than tehnial eond, our results suggest that a risk-sharing mehanism is romising under ertain onditions as a orm o market-driven regulation Finally, our results have managerial imliations or sotare vendors Eseially, a vendor ho enters the market ometing ith an established inumbent may ant to onsider sharing the risk ith its ustomers While signiiant, this study an be imroved in several ays First, develoing a ay to aly the risk-sharing mehanism may orm a romising researh area For eamle, loss measurement and risk analysis are rerequisites or the roosed risk-sharing mehanism eond, more rigorous analysis o the eetiveness o other alternatives to sotare liability suh as yber insurane may bring more insights Throughout the aer, our ous is on the risksharing mehanism As e mentioned earlier, seurity eerts have suggested other ays to ahieve better sotare seurity In this aer, e disuss ho the availability o suh alternative solutions may aet the dynamis o the sotare market by only onsidering the ore harateristis eeer understanding o the yber insurane market and more realisti model set u ill bring more meaningul outomes Third, onsidering a mehanism or athing and eamining ho the availability o athing aets the interlay o risk-sharing and sotare quality ill be interesting Pathing is an emerging toi in the seurity literature and researhers eamine the sotare vendor s hoie o quality hen athing is available Arora et al 006 Vieing athing as a ay to imrove sotare seurity over time and modeling the sotare quality in a multi-eriod game ill be an interesting researh toi 47

eerenes Anderson, Why Inormation eurity is Hard-An Eonomi Persetive, Proeedings o the 7th Annual omuter eurity Aliations onerene, eember 0-4, 00, 358 Arora, A, alkins, J and Telang, ell First, Fi Later: Imat o Pathing on otare Quality Management iene, 5:3, 006, 465-47 August, T, and Tuna, T etork otare eurity and User Inentives Management iene, 5, 006 703-70 Brady,, Anderson, and Ball, Murhy s la, the itness o evolving seies, and the limits o sotare reliability, ambridge University omuter Laboratory Tehnial eort no 476 999, at htt;//lamauk/~rja4 Eonomi Times Mirosot eurity Push ost $00 Million, July 9, 00 Ernst & Young eyom Global Inormation eurity urvey, 004 Fisher, ontrats Getting Tough on eurity eweek, Aril 5, 00 Fisk, M auses and emedies or oial Aetane o etork Inseurity Worksho on Eonomis and Inormation eurity, University o aliornia, Berkeley, May 6-7, 00 Gordon, L A, Loeb, M P, Luyshyn, W and ihardson, 004 I/FBI omuter rime and eurity urvey omuter eurity Institute, 004 Harmon, A igital Vandalism urs a all or Oversight e York Times, etember, 003, etion A, Page, olumn 6 Hekman, To Vies on eurity otare Liability: Using the ight Legal Tools IEEE eurity & Privay : 003, 73-75 Jones, and Mendelson, H Produt and Prie ometition or Inormation Goods, Tehnial eort, tanord University, 998 48

Marko, J Mirosot Programmers Hit the Books in a e Fous on eure otare e York Times, Aril 8, 00 Mussa, M and osen, Monooly and Produt Quality Journal o Eonomi Theory 8 978, 30-37 ational esearh ounil, omuters at isk: ae omuting in the Inormation Age, ational Aademy Press, Washington,, 99 Orszag P Homeland eurity: The Problems ith Providing Ta Inentives to Private Firms Testimony beore the House ommittee on mall Business, ubommittee on ural Enterrise, Agriulture and Tehnology, Washington, July, 004 onnen, U Minimum Quality tandards, Fied osts, and ometition The A Journal o Eonomis 99, 490-504 yan, To Vies on eurity otare Liability: Let the Legal ystem eide IEEE eurity & Privay : 003, 70-7 hneier, B Inormation eurity: Ho Liable hould Vendors Be? omuter World, Otober 8, 004 hneier, B o Federal eurity egulations Hel? Inormation eurity, ovember 006 ene, M Monooly, Quality, and egulation The Bell Journal o Eonomis 6: 975, 47-49 ionen, M Five imensions o Inormation eurity Aareness, AM IG A omuters and oiety 3: 00, 4-9 ene, M onsumer Miseretions, Produt Failure and Produer Liability The evie o Eonomi tudies 44:3 977, 56-57 49

undararajan, A onlinear Priing o Inormation Goods Management iene 50: 004, 660 673 Telang,, ajan, U and Mukhoadhyay, T The Market truture or Internet earh Engines Journal o Management Inormation ystems : 004, 37 60 Varian, H Managing Online eurity isks e York Times, June, 000 Varian, H Eonomis o Inormation Tehnology Mattioli Leture, Booni University, Milan, Italy, ovember 00 Yurik, W and oss, yberinsurane: A Market olution to the Internet eurity Market Failure Worksho on Eonomis and Inormation eurity, University o aliornia, Berkeley, May 6-7, 00 50

3 The Eet o a Liability Mehanism on otare eurity: The Monooly ase 3 Introdution otare has beome an indisensable art o our daily lives ot only large-sale oerating systems in businesses but also home eletri alianes suh as television sets and telehones are oered by thousands o rogram instrutions As our soiety deends more on sotare, its maluntion beomes more disastrous For eamle, the task ore investigating the ause o the eletriity blakout on August 4, 003, hih riled muh o the ortheast UA and arts o anada onluded that a sotare ailure at Akron, Ohio-based FirstEnergy ororation might have ontributed signiiantly to the oer outage Verton 003 The elosion o sotare usage has inreased the vulnerability o omuter systems, highlighting seurity onerns Aording to Mirosot Progress eort on eurity, maliious sotare ode has been around or deades, but only in the last e years, the Internet, high-seed onnetions and millions o ne omuting devies have onverged to reate a truly global omuting netork in hih a virus or orm an irle the orld in a matter o minutes onsequently, eternal attaks suh as viruses and orms that eloit the vulnerabilities o the oerating systems get more serious Ernst & Young s Global Inormation eurity urvey 004 ound that 77% o the resondents rated major viruses and orms to have the highest threat intensity Ernst & Young 004 The abundane o laed sotare has been identiied as the main ause o the oor seurity o omuter netorks Yurik and oss 00 In etember 003, teven Adler, senior seurity strategist or Mirosot ororation aologized or the damage and losses aused by the 5

onslaught o omuter viruses that have attaked his omany s sotare Aording to Fisk 00, the sotare industry is at a sub-otimal, but sel-suorting equilibrium that does not suort the eorts required or develoing highly seure sotare He also argues that the sotare vendors do not have enough inentive to aly the available tehniques to revent sotare vulnerability Until reently, lo seurity aareness o ustomers has been blamed or disouraging sotare vendors to invest on seurity imrovement ine ustomers are not aable o rediting seurity loss and thus, do not areiate the value o seure sotare, the vendor ereives lo demand or seurity As a result, develoing highly seure sotare is a signiiant risk to the vendors given the small market and the high develoment ost Hoever, lo seurity aareness does not seem to ully elain oor sotare quality Although individual onsumers may be unaare o seurity issues, it is not the ase or the irms Eseially sine 9/, seurity has beome a major issue or business, and managers have beome muh more aare o seurity onerns In site o inreasing seurity aareness, the quality o sotare is still in question eurity researhers argue that unless sotare vendors are held liable or their roduts, they are not illing to rodue seure sotare Armour and Humhrey 993, Harmon 003, ager and Green 00, hneier 004, Varian 000 ine the risk is entirely on the ustomer side, unlike other industries, suh as an auto industry here the manuaturers are aountable or any deet o their roduts, the sotare vendors may not have enough inentive to develo seure sotare eseially i the vendor dominates the entire market As an inentive mehanism or sotare seurity quality imrovement, sotare liability has been intensely disussed among omuter sientists, jurists, and oliy makers or years In site o the long years o debate, the researhers have not ome to a onlusion about hether 5

imosing liability on the sotare vendor leads to highly seure sotare In a reent artile, to eerts in the ield take oosite vieoints regarding sotare liability Hekman 003, yan 003 yan 003 argues that it is not ratial or onsumers to reate their on seurity sotare, and thus it is reasonable to assume that manuaturers o suh sotare should ensure the reliability o their roduts On the other hand, Hekman 003 argues that sotare does not have the harateristis o other roduts suh as automobiles that ould suort legal liability, and thus, liability is not the aroriate tool or reduing the number and severity o sotare seurity holes esite long years o argument among seurity eerts, the eetiveness o sotare liability is a question that still remains unansered There are rerequisites or the sotare liability mehanism For eamle, e should be able to quantiy seurity measures suh as loss assoiated ith a ertain attak Quantiying loss itsel is not an easy task But the roblem is that the eetiveness o sotare liability is questionable even assuming ull easibility o sotare liability The questions that e aim to anser in this aer are hether sotare liability is beneiial, and i so, under hat onditions Ansers to our researh questions may give oliy makers an idea about hih ators deide the viability o the sotare liability, hih has been onsidered to be a otentially eetive mehanism or better seurity Although the sotare vendors have not aed liability or seurity ailures yet, some omanies are demanding liability lauses in ontrats ith vendors, holding them resonsible or any seurity breah onneted to their sotare Fisher 00 onsequently, sotare vendors ae otential threat o liability In Otober 003, Mirosot as sued in aliornia, based on the laim that its market-dominant sotare is vulnerable to viruses and orms aable o triggering massive, asading ailures in global netorks The lasuit omes in the ake o 53

to major orms that have eloited vulnerabilities in Mirosot sotare: lammer and Blaster ue to otential liability as ell as inreasing ustomer seurity aareness, some leading sotare vendors started making eorts to develo seure sotare In the no amous memo in January 00, Bill Gates stated as ollos: In the ast, e ve made our sotare and servies more omelling or users by adding ne eatures and untionality, and by making our latorm rihly etensible We ve done a terrii job at that, but all those great eatures on t matter unless ustomers trust our sotare o no, hen e ae a hoie beteen adding eatures and resolving seurity issues, e need to hoose seurity Our roduts should emhasize seurity right out o the bo, and e must onstantly reine and imrove that seurity as threats evolve uring February and Marh 00, Mirosot stoed develoing Windos eatures and oused on imroving the seurity quality o Windos For a monoolisti vendor ursuing roit suh as Mirosot, this shos ho serious the seurity roblem is This memo learly shos that the vendor aes a ne era hen the develoment o seure sotare is a signiiant issue or business In this aer, e investigate hether imosing liability motivates the monoolist to imrove the seurity quality o its sotare, and determine the onditions under hih the liability mehanism is eetive in terms o seurity imrovement Then e eamine ho the liability mehanism aets the monoolist s market overage Both seurity quality and market overage are imortant to evaluate the eetiveness o the liability mehanism sine oliy makers need to make sure that the monoolist has inentive to serve enough ustomers ith roviding reasonably seure sotare ith the liability mehanism There are to issues surrounding the liability mehanism: eetiveness and easibility The ous o this aer is the ormer, ie, 54

hether liability leads to higher seurity quality or higher soial surlus Imlementing the liability mehanism is ertainly not an easy roblem For eamle, quantiying loss is diiult But only hen the mehanism is roven to be eetive, it is orth disussing the imlementation issue In site o a long debate by omuter sientists, jurists, and oliy makers, there has not been an agreement on the eetiveness o the liability mehanism From an eonomi ersetive, e analyze the sotare market to evaluate the eetiveness o sotare liability We model the ase here the vendor ouses on seurity develoment, and identiy the ators that aet the monoolist s deision on seurity quality and market overage We irst onsider the ase here both the vendor and ustomers are ully aare o seurity issues In other ords, both arties have rational eetation o the loss due to seurity breahes o the sotare Unlike diret ontratual risk-sharing that may imose artial liability on the vendor, e eamine the legal and uniorm liability that makes the vendor ully resonsible or the entire loss We determine the onditions that aet the monoolist s market overage We ind that high marginal illingness to ay or the sotare leads to ull market overage hen the ustomers are resonsible or the entire risk One liability is imosed on the monoolist, ull market overage obtains or any level o marginal illingness to ay deending on onditions, that is, the monoolist overing the artial market ithout liability may have an inentive to ully inrease its market overage hen it beomes liable The monoolist oers even higher seurity quality in the ull market ith liability than in the artial market ithout liability This result imlies that under ertain onditions, avoiding liability is not beneiial to the the sotare vendor in the sense that the liability mehanism may give the monoolist an oortunity to have more ustomers 55

Overall, e ind that liability does not alays lead to high seurity quality, nor does it alays lead to high soial surlus We identiy the ators that aet the monoolist s deision on seurity quality level We ind that no matter hih arty is liable or the loss in the ully overed market, seurity quality inreases ith the roortion o loss to ost and dereases ith the baseline utility rom the sotare We also ind that high marginal illingness to ay leads to high seurity quality in the urrent market ithout liability This inding imlies that eduating the users to areiate seurity may be an eetive ay to motivate the vendor to imrove seurity quality We eamine the elare imliations o the liability mehanism Our results sho that seurity quality is underrovided in the market here ustomers are resonsible or the entire risk, hile soially otimal level o seurity quality is oered one liability is imosed on the monoolist We also ind that the soial lanner oers higher seurity quality in the market ithout liability than ith liability This result imlies that there is a tradeo beteen seurity quality and risk-sharing, even or the soial lanner We investigate hether imosing liability on the vendor leads to better seurity or higher onsumer surlus in the ully overed market Interestingly, our results indiate that imosing liability may disourage the monoolist rom imroving seurity ontrary to seurity ratitioners eetation, hereas onsumer surlus is higher ith the liability mehanism When the marginal illingness to ay is relatively lo, the liability mehanism brings higher soial surlus Finally, e onsider the ase here ustomers have oor seurity aareness, and thus, underestimate the risk We ind that the liability mehanism is eetive in imroving seurity quality as ell as onsumer surlus hen ustomers are not aable o roerly rediting the loss unlike the vendor This aer ontributes to the literature in that it not only gives a lear iture o liability in the sotare 56

market rom an eonomi ersetive but also rovides imliations to managers and oliy makers The rest o the artile is organized as ollos etion 3 desribes the general model In order to get additional insights on the imat o the liability mehanism, e assume some reasonable untional orms or our model in etion 33 and etion 34 In etion 33, e eamine the sotare market ithout liability, and eamine the onditions under hih market overage is endogenously determined We then obtain the otimal levels o seurity quality o the monoolist s sotare rodut in the artially overed market and the ully overed market In etion 34, e analyze the market ith liability We eamine the oliy imliations o the liability mehanism in etion 35 We analyze the imat o sotare liability on the levels o seurity quality, onsumer surlus and soial elare in the ully overed market We then investigate hether onsidering oor seurity aareness o ustomers hanges the results In etion 36, e disuss robustness o our results hen untionality is endogenized along ith seurity quality Lastly, e oer our onluding remarks in etion 37 3 General Model We analyze a sotare market dominated by a monoolisti sotare vendor, and investigate hether imosing liability gives the vendor an inentive to imrove seurity quality o the sotare We set u a model using a theoretial rameork built on the models o vertial quality dierentiation Mussa and osen 978, onnen 99, ene 975 There are to tyes o layers in the market: a monoolisti sotare vendor and ustomers The monooly ase is relevant in the sotare industry onsider the dominating osition o Mirosot in the P oerating systems market, or eamle ustomers in our model are irms that are likely to have 57

higher inentive to invest on seurity than do individuals hose seurity aareness level is lo in reality We irst onsider the ase here both the vendor and ustomers are aare o seurity issues In other ords, they have rational eetations o the loss due to seurity breahes o the sotare rodut Let q be seurity quality saled beteen 0 and eurity quality measures ho vulnerable the sotare is at the rodut launh Bug-ree sotare an be onsidered to be o eret seurity quality q Lq reresents the loss untion, hih is onve: L q < 0 and L q > 0 As seurity quality inreases, the loss dereases at a diminishing rate The loss untion is set u in a ay that inreasing seurity quality redues the eeted loss rom yberattak in the lie-san o the rodut, and that the loss is entirely reventable i the installed sotare ehibits eret seurity quality L 0 This is onsistent ith seurity eerts vie suh as Fisk 00 Arora et al 006 argue that the best strategy or sotare vendors is to introdue the rodut as early as ossible and then ath it later onsequently, seurity quality o the sotare at the rodut launh is loer than eeted eurity eerts argue that the sotare vendors should imrove the initial seurity quality o their roduts sine the deets o oorly ritten sotare are eloited by the maliious hakers to attak the omuter systems Harmon 003 Until reently, sotare vendors have been able to avoid liability or any deet o their roduts and thus, they have little inentive or seurity quality imrovement Hoever, sotare vendors are no aing otential threat o liability as demonstrated in the Mirosot lasuit ase in Otober 003 As a result, sotare vendors are more onerned about the seurity quality o their roduts As noted beore, in early 00, Mirosot stoed develoing Windos eature and oused on imroving seurity quality o Windos Our model atures the urrent henomenon by analyzing the market here the vendor emhasizes seurity quality V is the 58

baseline utility that a ustomer gains rom the sotare rodut i it is eretly seure Let q, V be the ost untion and assume that q, V is a onve untion o q enote q, V be q, V q, V and q, V be The onveity o the ost untion means q, V > 0 q q and q, V > 0 This imlies that the ost inreases as the seurity quality inreases at a groing rate We also assume that q, V V > 0, imlying that oering higher utility to ustomers osts more This is realisti in the sense that it is more ostly to allo the same level o seurity to more omliated sotare ith more eatures 3 Baseline We eamine the market here the entire risk is on the ustomer side, hih models the urrent state o the sotare market Our model assumes that ustomers have rational eetations o the loss due to the vulnerability o the sotare ustomers value seurity quality in that q redues eeted loss We model the ase here the vendor ouses on seurity quality In the market here the ustomers are resonsible or any ossible loss due to seurity breahes o the sotare, the eeted utility o a ustomer is deined as ollos: EU θ V L q eall V denotes the baseline utility that a ustomer gains rom the sotare i it is eretly seure Lq reresents the eeted loss hen q is the level o seurity quality saled beteen 0 and is the rie and θ atures ustomer heterogeneity indiating ho muh utility a ustomer derives rom the sotare Losses arise out o disrution to business ativities Thus, the same attak may lead to more damage to some irms than to others I θ is high, the irm ares more about seurity quality o the sotare, in that it enjoys more utility rom the rodut, 59

but also suers more disutility rom a suessul attak It relets that some irms are more onerned about seurity issues than others Firms in the inanial industry or in health are industry are eamles o high-θ irms We assume that θ is distributed on the interval, [ θ, Let θ be the robability density untion o θ and F θ be the orresonding umulative distribution untion o θ Then b θ d θ Pr[ a Θ b ] and F θ y dy a θ ine the entire risk is on the ustomers, the vendor is not resonsible or any ossible loss that may our due to sotare vulnerabilities The rodution o inormation good suh as sotare involves high ied osts but lo variable osts In other ords, the ost o roduing the original oy is substantial hereas the ost o making additional oies is negligible As a result, given the ontet o sotare rodut, the ost does not deend on quantity Thus, in our model, it is reasonable to assume zero variable ost Then, the sotare vendor's eeted roit is Eπ q, V here is demand or the rodut and qv, reresents the rodution ost o sotare ith seurity quality level q This onve ost untion imlies that the ost inreases as seurity quality level rises at a groing rate and that the ost to oer a ertain level o seurity quality beomes higher hen the sotare rovides higher utility V θ 3 otare Liability In this setion, e model the market here liability is imosed on the vendor side This is ommon in some industries For eamle, ar manuaturers are legally resonsible not only or 60

the rodut deets but also or any injury or loss that is aused by the deets Hoever, unlike other industry, sotare vendors have been able to avoid liability or any vulnerability o the rodut Aordingly, seurity eerts and jurists argue that imosing liability on the vendor may ork ell as an inentive mehanism or seurity quality imrovement o the sotare roduts yan 003, hneier 004 We model the market here the vendor is aountable or any loss due to vulnerability o its sotare rodut In this market, the ustomers do not have to take the eeted loss into aount hen they deide hether or not to buy the sotare They only are about the baseline utility and rie sine the eeted loss does not aet total ustomer utility: EU θv In this market, here the risk is on the sotare vendor, the ost untion or the vendor has to ators: the ied ost or initial seurity quality develoment and the eeted loss hih lays a role o a variable ost The eeted roit o the vendor is then: Eπ L q q, V 33 Equilibrium Analysis In this setion, e analyze the monoolisti sotare vendor's otimal hoies on rie and seurity quality level and eamine the eet o a liability mehanism on the seurity quality Grounded on the models o vertial quality dierentiation Mussa and osen 978, onnen 99, ene 975, e set u a game, hih onsists o three stages At the irst stage, the monoolisti vendor deides the level o seurity quality q At the seond, the vendor sets u the rie Then the ustomers deide hether or not to buy the sotare rodut We ous on the omarison o otimal qualities in the ully overed market in order to relet hat haens in 6

some real-orld sotare markets suh as oerating systems sotare market We also argue the issues o artially overed market to a ertain etent Full Market ase onsider the no liability ase Let ˆ θ deine the marginal illingness to ay o the ustomer ho is indierent beteen buying and not buying Then ˆ 0 ˆ EU θ V L q θ V L q ote that or all, V, q suh that ˆ θ θ Then the monoolist harges the highest ossible rie, : ˆ θ θ V L q V L q θ θ Thus, under ull market overage, the eeted roit is Eπ qv, θ VLq qv, Let in the subsrit denote the ase ithout liability and F reresent ull market The irst order ondition or q is Eπ L q θ L q q, V 0 q q, V θ F F o, onsider the ase ith liability Then the illingness to ay o the marginal ustomer is ˆ θ ote that or all, V, q suh that ˆ θ θ Thus, the sotare vendor maimizes V roit at the otimal rie, : Then the eeted roit is ˆ θ θ θ θv V 6

Eπ Lq qv, θv Lq qv, Let in the subsrit denote the ase ith liability The irst order ondition or q is Eπ L q q, V 0 q hih leads to the olloing ondition: L q q, V F F Proosition : In a ully overed market by a monoolisti sotare vendor, imosing liability on the vendor or any loss due to seurity breahes leads to higher seurity quality hen ustomers have high marginal illingness to ay θ > Otherise θ <, seurity quality may derease ith the liability mehanism Proo ee the Aendi The result holds hen the monoolisti sotare vendor overs the ull market in both ases: ith and ithout liability With these generalized untional orms, obtaining lear-ut ull market onditions is not tratable as ill be seen in the net setion Intuitively, it is reasonable that a vendor has stronger inentive to serve more ustomers hen ustomers value its sotare more In other ords, higherθ o the ustomers is more likely to lead to ull market than loerθ Our result shos that q > q hen the loer bound o θ is greater than, hih is more F F likely to be the ull market ondition or both ith and ithout liability ases thanθ < Partial Market ase We eamine the artial market ase and argue that omarison o seurity quality ith and ithout liability is not deisive, that is, seurity quality an either inrease or derease hen liability is imosed on the monoolisti sotare vendor In this setion, e sho that there eist onditions under hih imosing liability on the monoolisti sotare vendor leads to higher 63

seurity quality in the artially overed market onsider the ase ithout liability irst The illingness to ay o the marginal ustomer is ˆ θ V L q Thus, the demand or the sotare is ˆ t dt F F θ F ˆ θ V L q The eeted roit or the vendor is then Eπ q, V F q, V V L q The irst order ondition or is E π F 0 V L q V L q V L q earranging the above ondition leads to V L q F V L q V L q The irst order ondition or q is Eπ L q q, V 0 q V L q V L q ubstituting V L q in the above equation leads to V L q F L q q, V 0 V L q V L q F L q q, V 0 V L q V L q Let P in the subsrit denote artial market Then, 64

L qp V L qp qp, V P F V L q P P o, onsider the ase ith liability The illingness to ay o the marginal ustomer is ˆ θ and the orresonding demand or the sotare is t dt F ˆ V The eeted θ V roit or the vendor is given by Eπ L q q, V L q F q, V V The irst order ondition or is Eπ Lq F 0 V V V V V Hoever, e do not need the above ondition or our urose beause V aear in the irst order ondition or q as shon belo: From the above ondition, Eπ L q F q, V 0 q V does not L qp qp, V P F V With general untional orms, it is not easible to obtain the otimal quality in a losed orm Also, it is diiult to omare seurity quality ith or ithout liability in the artially overed market We sho that there eists a ase here imosing liability gives inentive to rovide higher seurity quality uose that the olloing ondition holds: ˆ θ V L q V P P P 65

Then the otimal qualities meet the olloing onditions: L q P V qp, V P P F V L qp qp, V P F V ote thatθ is distributed on [ θ, Thus, any ase is ossible uose that θ ˆ θ < Then L q L q, hih imlies, q q, V q, V P < q P When ˆ θ >, P P < P P q P q P > In the ully overed market here ustomers are likely to have higher marginal illingness to ay, our result shos that seurity quality dereases hen liability is imosed on the vendor Our artial market analysis shos that there eists a ase here seurity quality ith liability is stritly greater than seurity quality ithout liability Unlike ully overed market, the liability mehanism may bring higher seurity quality in the artially overed market deending on ertain onditions From this inding, e an iner seurity quality rom the ersetive o a soial lanner oial lanner is like a monoolist ith ull liability, eet that the soial lanner ill have a smaller illingness to ay rom a marginal ustomer Thus, the soial lanner rovides loer seurity quality than the ully liable monoolist omaring to a monoolist ithout liability, the soial lanner oers higher seurity quality i and only i the average ustomer served by the soial lanner has a higher illingness to ay than the marginal buyer served by the monoolist With these general untional orms, obtaining ull market onditions in a losed orm is not easible In order to get additional insights, e assume linear loss and quadrati ost untions or urther analysis and eamine ho our result binds ith market overage onditions in the net setion 66

33 otare Market Without Liability With the generalized untional orms in the original setting, it is not easible to obtain a ull market ondition in a losed orm For urther analysis, e make assumtions on the untional orms Let a q be the eeted loss hen a is a arameter aturing the degree o loss due to seurity breahes a > 0 and q is the level o seurity quality saled beteen 0 and This imlies that loss is entirely reventable i the installed sotare ehibits eret seurity quality eall that V is the baseline utility that a ustomer gains rom the sotare i it is eretly seure enote tvq be the ost untion or seurity quality develoment here t is a arameter modeling the degree o the develoment ost or the sotare ith seurity baseline utility V and seurity quality q t > 0 We also assume θ to ollo a uniorm distribution on θ, θ These assumtions are oten made in the domain o alied eonomis We irst analyze the market here the entire risk is on the ustomers 33 Partial Market overage eall that the game onsists o three stages At the irst stage, the monoolisti vendor deides the level o seurity quality q At the seond, the vendor sets u the rie Then the ustomers deide hether or not to buy the sotare rodut Let ˆ θ deine the marginal illingness to ay o the ustomer ho is indierent beteen buying and not buying Then the eeted utility o the marginal ustomer is ˆ 0 ˆ EU θ V a q θ V a q 67

The ustomers ho have higher marginal illingness to ay than ˆ θ, ill buy the sotare rodut Then the demand or the sotare is θ The eeted roit or the V a q monoolist beomes Eπ θ tvq V a q The irst order ondition or is Eπ θ V a q 0 Thus, the otimal rie is θ ubstituting in the V a q roit untion leads to θ Eπ V a q tvq The irst order ondition or q is 4 Eπ aθ tvq 0 q 4 eall that denotes the ase ithout liability and P in the subsrit reresents artial market overage olving the FO yields the otimal seurity quality as ollos: The otimal level o rie is then q aθ 8tV P θ aθ P V a 8tV 33 Full Market overage In this setion, e eamine the onditions under hih the market is ully overed by the monoolist and then analyze the monoolist's deision on seurity quality in the ully overed market In the ontet o sotare, this is a relevant ase sine ull market overage is quite oten ahieved in reality When in the artial market, ull market overage obtains rom the 68

outset We irst analyze the market ithout liability In etion 33, e obtained the demand in the artially overed market as ollos: θ V a q P The otimal level o rie is θ P V a q θ ubstituting in the demand ith the equilibrium rie yields P ote that the taste arameter o the marginal ustomer ho is indierent beteen buying or not is ontingent on the vendor s quality and rie deisions ine, the demand beomes a untion o the uer bound o the taste arameter at the otimal rie level, the demaration o market overage is endogenous eall that q aθ Thus, 8tV P θ aθ V a ˆ P 8tV θ θ V a q P aθ V a 8tV ine ˆ θ θ, the artial market overage ours hen ˆ θ θ > θ θ <, and the ull market overage ours hen θ > This imlies that the monoolist sotare vendor hooses to over the ull market hen ustomers have high marginal illingness to ay or the sotare Assume that ustomers have high enough marginal illingness to ay θ > monoolist deides to over the entire market and harges the highest ossible rie, : Then the 69

ˆ θ θ θ V a q θ V a q θ V a q Under ull market overage, the monoolist's eeted roit at the otimal rie is Eπ tvq θ V a q tvq The irst order ondition or q is Eπ a θ tvq 0 q eall that denotes the ase ithout liability Let F in the subsrit stand or ull market overage olving the irst order ondition yields the otimal seurity quality: q F a θ tv The otimal level o rie is then a θ F θ V a tv The monoolist's eeted roit in the ully overed market ithout liability is a θ a θ EπF θ V a tv 4tV a θ θ V a 4tV 70

34 otare Market With Liability 34 Partial Market overage We analyze the market here the vendor is liable or the seurity breahes o its sotare rodut, assuming all losses are veriiable Under the liability mehanism, the vendor is suosed to over the entire loss inurred due to the attaker's eloitation o the sotare vulnerability ine the risk is not on the ustomers but on the vendor, the utility untion o ustomers is not aeted by the eeted loss The ustomer's utility untion is EU θv Although the variable ost o rodution is assumed to be zero, the liability mehanism makes the eeted loss be the variable ost Thus, the vendor's eeted roit untion is π Then the illingness to ay o the marginal ustomer is E a q tvq ˆ 0 ˆ EU θv θ V The ustomers ho have higher marginal illingness to ay than ˆ θ ill buy the sotare rodut hereas others ill not Thus, the demand is θ The eeted roit or the V monoolist ho is liable or the loss is Eπ a q θ tvq V The irst order ondition or the rie is Eπ a q θ 0 V V The otimal rie level is Vθ a q elaing rie in the eeted roit ith yields Then the irst order ondition or q is Eπ Vθ a q tvq 4V 7

Eπ a V θ a q tvq 0 q V qa tv a avθ 4 Assume that a< tv Then the seond order ondition or q is Eπ a tv < 0 q V eall that reresents the ase ith liability The otimal seurity quality is q a a avθ 4tV P uose that a> tv Then the eeted roit is maimized at either q 0 or q The onditions or eah boundary solution are as ollos: a a a a avθ > qp 4tV 0 avθ < qp 4tV Proosition : When the entire risk is on the ustomer side in the artially overed market, seurity quality q inreases ith the roortion o loss to ost a/ t P and marginal illingness to ay θ and dereases ith utility V When liability is imosed on the vendor and the eeted loss is small 0 < a< tv, he otimal quality is an interior solution, hih inreases ith marginal illingness to ay θ When the eeted loss is large a> tv, high θ leads to q and lo θ yields P q P 0 With medium θ, q i the eeted loss is P bounded and q otherise P 0 Proo ee the Aendi 7

Without a liability mehanism, the monoolist imroves the seurity quality ith the roortion a o loss to ost, hih an be interreted as the eiieny o the seurity develoment We t ind that higher marginal illingness to ay leads to higher seurity quality ith or ithout liability, imlying that eduating ustomers to areiate seurity may be an eetive ay to motivate the sotare vendor to imrove the seurity quality o its sotare When the entire risk is on the ustomer side, the sotare vendor alays oers ositive seurity quality When liability is imosed on the sotare vendor and the eeted loss is small, the monoolisti sotare vendor still has inentive to oer ositive seurity quality Hoever, hen the eeted loss is large and the marginal illingness to ay o the ustomers is small, the vendor may oer zero seurity quality so that it eits the market and makes zero roit 34 Full Market overage In this setion, e analyze the market ith liability and eamine the onditions under hih the market is ully overed by the monoolist We model the market here the vendor is resonsible or the entire loss due to seurity breahes hih are eloited by maliious agents The ull market overage ondition is The demand or the sotare in the artially overed market is θ V P In etion 34, e derived the equilibrium rie as ollos: P Vθ a q uose that a< tv Then the otimal quality is 73

q a a avθ 4tV P We an omute the demand by substituting rie and quality ith otimal levels θ a q avθ 4atV V V V a 4tV P P P θ θv The ull market ondition or the market ith liability is then avθ 4atV V a 4tV P θ V θv V a 4 tv a Vθ 4atV a 4tV 0 Proosition 3: In the market ithout liability, the monoolisti sotare vendor overs the ull market hen the ustomers have high marginal illingness to ay θ When the ustomers have lo marginal illingness to ay θ <, some ustomers are let out Assume that the ossible eeted loss is bounded a tv In the market ith liability, the monoolisti sotare vendor has an inentive to over the ull market or any level o marginal illingness to ay o the ustomers Full market overage obtains hen the olloing onditions hold: t θ >, a 0, tv t < θ <, a > tv, a 0, Min{ tv, a} t < θ <, a < tv, a 0, a or a a, tv < θ <, a < tv, a a, tv here 4 4 a tv θ and a tv θ t t t t Proo ee the Aendi 74

When the ustomers are resonsible or the entire risk and the marginal illingness to ay is high, the monoolist has an inentive to over the ull market Otherise, the monoolist overs only the artial market This is quite intuitive in the sense that ull market overage obtains hen the ustomers value the rodut more Proosition 3 shos that the marginal illingness to ay or the sotare is the only ator that deides the market overage hen the sotare vendors an avoid liability Hoever, it does not hold one liability is imosed on the vendor The results sho that the monoolist is illing to over the ull market given any level o the marginal illingness to ay in the market ith liability We eamine the ase here the otimal quality is an interior solution in the ull market ith liability eending on the onditions, ull market overage obtains even or the ustomers ith lo marginal illingness to ay This is interesting in the sense that the monoolist ho avoids liability and serves artial market may ant to inrease the market overage even hen liable Thus, the liability mehanism may give an oortunity or the monoolist to serve more ustomers ho may be better o sine they do not have to orry about the ossible loss any more Interestingly, there eist onditions under hih the monoolist overs the ull market no matter hat level o the baseline utility is given ine the vendor is resonsible or the entire loss, it has an inentive to over the ull market only hen the maimum ossible loss is bounded In the market ithout liability, the monoolist overs the ull market hen ustomer valuation is high no matter ho high the maimum ossible loss is Hoever, one liability is imosed on the vendor, the vendor never serves the ull market hen it aes atastrohi loss uose that the ull market ondition holds Let ˆ θ be the marginal illingness to ay o the ustomer ho is indierent beteen buying and not buying: ˆ θ onsider the ase here θ V and a meet the ull market ondition Then or all, V, q and asuh that ˆ θ θ Then 75

the monoolist harges the highest ossible rie, θ V Under ull market overage, the monoolist maimizes the eeted roit: Eπ a q tvq V a q tvq θ Eπ The irst order ondition or q is a tvq 0 eall that denotes the ase ith liability q Then solving the irst order ondition yields the otimal seurity quality: ote that q a tv F θ V F The monoolist s eeted roit in the ully overed market ith liability is a a a Eπ F θ V a θ V a tv 4tV 4tV Proosition 4: o matter hih arty is liable or the loss in the ully overed market, seurity quality q inreases ith the roortion o loss to ost a / t and dereases ith baseline utility V When the risk is entirely on the ustomer, seurity quality inreases ith the marginal illingness to ay θ hih does not aet seurity quality under the liability mehanism Proo ee the Aendi The indings are onsistent ith the seurity eerts argument that it is harder to make the sotare ith more eatures seure sine breahes are more likely to be ound in suh sotare Brue hneier, ounder and hie tehnology oier o Internet seurity irm ounterane said, omleity is the enemy o seurity As systems get more omle, they get less seure, in an intervie ith PWorldom Zetter 00 Proosition 4 suorts the argument that sotare vendors oten sariie seurity quality to rovide high untionality We also ind that hen loss 76

is relatively large omared to ost a/ t, meaning that investment on seurity develoment is eiient, the monoolist oers high seurity quality no matter hat mehanism is adoted In other ords, the vendor is illing to rodue sotare ith higher seurity quality hen the same amount o investment is eeted to revent larger loss Our results sho the interlay o the marginal illingness to ay or the sotare and the otimal level o seurity quality When there is no vendor liability, ustomers must value the sotare more to get higher seurity Hoever, one liability is imosed on the vendor, marginal illingness to ay does not aet seurity quality This is beause the ustomers do not areiate seurity quality hen the entire risk is on the vendor side Proosition 5: When ull market overage obtains ith or ithout a liability mehanism, imosing liability on the monoolist redues seurity quality q < q and inreases rie F F > The liability mehanism allos higher roit to the monoolist hen the marginal F F illingness to ay is lo hile it leads to loer roit hen the marginal illingness to ay is high: 4tV EπF > EπF i < θ < a 4tV EπF < EπF i θ > a Proo ee the Aendi This is interesting in the sense that unlike the seurity eerts belie that the liability mehanism gives the sotare vendors an inentive to imrove seurity quality Armour and Humhrey 993, imosing liability may disourage the vendor to develo seurity in the ully overed market In the urrent market here ustomers are resonsible or the entire risk, the eeted loss diretly aets ustomer valuation as ell as vendor ost When liability is 77

imosed on the vendor, ustomers do not have to are about the eeted loss, and they do not areiate the vendor s eort or seurity develoment Thus, the eeted loss only aets the vendor s develoment ost onsequently, the vendor has a higher inentive to develo seurity to maimize its roit hen ustomers are liable When liability is imosed on the monoolist, it redues the seurity quality but harges higher rie or its sotare The monoolist gets higher roit in the market ith liability hen the marginal illingness to ay o the ustomers is relatively lo Proosition 6: The monoolist overing artial market ithout liability may have an inentive to over the ull market ith liability by inreasing quality q > q F P Proo ee the Aendi eall that the monoolist ho overs the artial market ithout liability may have an inentive to over the ull market one liability is imosed Proosition 6 shos that the monoolist oers higher seurity quality in the ull market ith liability than in the artial market ithout liability This result imlies that the monoolist may ant to minimize the eeted loss by imroving seurity quality to inrease market overage hen it is liable or the loss ine the loss diretly aets the monoolist s roit in the market ith liability, the monoolist may have an inentive to oer more seure sotare omared to the urrent market ithout liability here the loss is not a onern o the vendor 35 Poliy Imliation 35 Welare Analysis We eamine the soial lanner s deision on the seurity quality and investigate hether the monoolist oers soially otimal level o quality First, e eamine the ase here no liability 78

is imosed on the sotare vendor Unlike the monoolist ho maimizes the roit, the soial lanner maimizes the soial elare by riing at the marginal ost, hih is zero eall that denotes the ase ithout liability The soial surlus an be ritten as the dierene beteen the gross onsumer surlus and the rodution ost: θ θ V a q d θ tvq θ V a q tvq θ The irst order ondition or q is a θ tvq 0 q Let P reresent the soial lanner s solution The otimal seurity quality o the soial lanner is as ollos: q P aθ 4tV We eamine the market here liability is imosed on the sotare vendor We onsider the soial lanner ho overs the ull market, and maimizes the soial surlus by riing at the marginal ost hih is the eeted loss in this ase eall that denotes the ase ith liability Then the soial lanner in the ully overed market ith a liability mehanism maimizes the olloing soial surlus: θ θ Vd θ a q tvq θ V a q tvq θ The irst order ondition or q is then a tvq 0 q Thus, the otimal seurity quality o the soial lanner is q a tv P 79

Proosition 7: When the market is ully overed, the soial lanner oers higher seurity quality in the market ithout liability than ith liability Without liability, seurity quality is underrovided by the monoolist omared to the soial otimum Hoever, one liability is imosed, the monoolist oers soially otimal level o seurity quality Proo ee the Aendi We ind that the soial lanner oers higher seurity quality in the market ithout liability than ith liability This imlies that the soial lanner may need to loer the seurity quality to take the resonsibility or the entire risk Proosition 7 rovides an evidene o underrovided seurity quality o sotare under monooly, as has been observed in the urrent market It shos that imosing liability on the monoolist may give an inentive to oer soially otimal level o seurity quality This result has a oliy imliation in that liability should be imosed on the vendor to ahieve soially otimal level o seurity hen the market is ully overed by the monoolist eall that hen the ull market ondition holds or both mehanisms, imosing liability may lead to orse seurity quality We investigate hether a liability mehanism is beneiial to ustomers and to the entire soiety Under the mehanism in the urrent market, ustomers are resonsible or the entire risk hih is not a onern or the vendor Hoever, one liability is imosed on the vendor, the ustomers do not take the loss into aount The omarison o onsumer surlus is not trivial in that although liability mehanisms may make ustomers ree rom loss, it leads to higher rie than the urrent market The onsumer surlus in the market ithout liability is θ F θ V a q dθ V a q θ ubstituting q ith the equilibrium quality leads to the olloing onsumer surlus: 80

F a θ a θ V a i < tv tv a θ V i tv onsider the ase here liability is imosed on the monoolist Then the onsumer surlus an be ritten as θ F θvdθ V θ The olloing roosition omares onsumer surlus in both mehanisms Proosition 8: When ull market overage obtains ith or ithout liability, imosing liability on the monoolist may inrease onsumer surlus When the marginal illingness to 4tV ay is relatively lo < θ <, the liability mehanism leads to higher soial surlus as ell a Proo ee the Aendi hneier 004 argues that the ustomers ill ay or seurity one liability is imosed on the sotare vendor, hih means seurity is not ree even in the market here the vendor is liable ine the vendor asses some ortion o seurity develoment ost onto the ustomers, it is not trivial hether onsumer surlus beomes higher beause o ustomers being ree rom the loss or loer due to the inreased rie In the ully overed market, e ind that the monoolist redues seurity quality hen liable Unlike seurity quality, onsumer surlus beomes higher hen liability is imosed on the vendor Although the ustomers ill ay or seurity, the results indiate that the ustomers are better o under the liability mehanism When the marginal illingness to ay is lo, the liability mehanism brings higher soial surlus as ell as higher onsumer surlus 8

35 Inormation Asymmetry Varian 000 argues that liability should be assigned to the arty that an do the best job o managing risk Other seurity eerts ho hamion the liability mehanism argue that liability should be imosed on the sotare vendor sine the vendor is the only arty to have an ability to understand the vulnerabilities, to redit the ossible damage due to the deets, and to kno ho to i them yan 003 In other ords, ustomers are not eretly aare o seurity issues, and thus they are not able to redit ossible loss as aurate as the sotare vendor In this setion, e eamine the sotare market in the resene o inormation asymmetry beteen a sotare vendor and its ustomers In other ords, ustomers may be misinormed about the ossible loss due to sotare vulnerability We investigate hether the inormation asymmetry hanges our results Aording to the eonomis literature, ederal regulation is eetive hen ustomers have miseretion o the rodut harateristis ene 977 We study ho sotare liability, hih is one orm o regulation, orks in the sotare market ith misinormed ustomers We model ustomer s miseretion o the loss by inororating a arameter r, hih denotes seurity aareness o the ustomers Then the eeted loss ereived by the ustomers is r q o ar, e investigated the ase here r a ote that the arameter r does not aet the otimal quality in the market ith liability sine the entire loss is borne by the vendor, and thus it is not in the ustomer s utility untion Ater going through some algebra, e an obtain the otimal quality in the market ithout liability The otimal seurity qualities are as ollos: q q F F r θ tv a tv 8

Proosition 9: When ull market overage obtains ith or ithout liability and the a ustomers underestimate the eeted loss r <, θ imosing liability on the monoolist may inrease seurity quality as ell as onsumer surlus Proo ee the Aendi Proosition 9 suorts seurity eerts arguments that imosing liability on the sotare vendor gives an inentive or seurity quality imrovement eseially hen the ustomers are not aable o understanding the risks and rediting the loss due to sotare vulnerabilities yan 003, hneier 004, Varian 000 We ind that unlike the ase here ustomers are ully aare o seurity issues, liability mehanism is eetive in terms o quality imrovement as ell as onsumer surlus inrease o matter ho muh ustomers are aare o seurity, a liability mehanism makes the ustomers better o by inreasing onsumer surlus Moreover, artiularly hen the ustomers underestimate seurity onerns, the liability mehanism is hat oliy makers need to onsider to have sotare roduts more seure 36 isussion: Endogenous otare Funtionality eall that V is the baseline utility that a ustomer gains rom the sotare and that V is assumed to be eogenous We take V as a summary measure o all non-seurity asets o sotare quality and e highlight seurity quality o sotare by modeling q in the model In this setion, e eamine the ase here V is also a hoie o a sotare vendor For eamle, among nonseurity eatures o sotare, untionality may seriously aet utility o ustomers I V reresents sotare untionality, in reality, the irm may hoose V along ith seurity quality q In that ase, the eet o the liability mehanism on seurity quality o sotare may deend on ho seurity quality q and untionality V interat in the irm s rodution untion In this 83

setion, e analyze the eet o endogenous sotare untionality on our indings to a ertain etent In reality, a sotare vendor deides untionality level irst, then hooses seurity level net onsider athing Arora et al 006 argues that a sotare vendor s best strategy is to introdue the rodut to the market as early as ossible then ath it later To ature this aset in our model, e analyze a our-stage game, in hih the sotare vendor makes sequential deisions At the irst stage, the monoolist sotare vendor deides untionality level, V At the seond, the vendor hooses seurity quality level, q, and at the third, it sets u the rie, Finally, ustomers deide hether or not to buy the sotare eall that the assumtions are q a q tvq [0,], θ ~ Uniorm θ, θ, Eeted Loss, and ost We also assume that V [ V V] here V > 0, imlying that loest ossible untionality should be ositive sine the sotare rovides negative utility otherise and that maimum ossible untionality is bounded Full Market ase onsider the ase ithout liability In setion 33, e sho that the otimal seurity quality and rie are as ollos: a θ a θ qf and F θ V a tv tv At the otimal seurity and rie, the monoolist s eeted roit in the ully overed market ithout liability is a θ EπF θ V a 4tV onsider the irst stage at hih the vendor hooses untionality level The irst order ondition or V is 84

Eπ V The seond order ondition or V is a θ 0 4tV F θ Eπ V a θ > 0 tv F 3 Thus, the roit maimization untion has a boundary solution ote the solution to the irst order ondition, EπF a 0, is V θ t Thus, V V a θ V V a θ VF V i < and VF V i > t t earranging the above onditions yields tv V a a> V V q θ tv θ F and F tv V a θ a< VF V and qf θ tv o, onsider the ase ith liability The otimal seurity quality and rie are shon in setion 34: a qf and F θ V tv The monoolist s eeted roit is a Eπ F θ V a 4tV At the irst stage, the sotare vendor hooses V to maimize its eeted roit The orresonding irst order ondition or V is Eπ V a 0 4tV F θ 85

The seond order ondition or V is Eπ V a tv F > 0 3 imilar to the no liability ase, the roit maimization untion has a boundary solution The solution to the irst order ondition is a Thus, t θ a> a t θ V V VF V and qf tv a< a t θ V V VF V and qf tv uose that θ >, hih is a ull market ondition or the revious analysis here V is eogenous As ill be elained in the net setion, obtaining ull market ondition in a losed orm ith endogenous V is not easible Thus, e sho that our revious result or quality omarison or ull market holds or reasonably high θ ine θ > by assumtion, θ > θ Thus, tv V t θ V V > θ ase : mall Eeted Loss tv V a < θ In this ase, the monoolisti vendor rovides maimum untionality, that is, V V V eurity quality omarison is as ollos: F F q a θ a > q tv tv F F ase : Medium Eeted Loss tv V θ < a< t θ V V When the ossible eeted loss is medium, V V < V V and the otimal seurity quality is F F 86

given by q a θ a > q tv tv F F ase 3: Large Eeted Loss a> t θ V V When the eeted loss an be large, the sotare vendor oers minimum untionality, that is, V V V eurity quality is F F q a θ a > q tv tv F F By eamining all the ases ossible, e ind that seurity quality dereases hen liability is imosed on the monoolisti sotare vendor overing ull market ith ustomers ho have airly high illingness to ay The result rom the endogenous untionality ase is onsistent ith our revious indings This justiies robustness o our result to a ertain etent In other ords, endogenizing untionality does not aet our result on seurity quality omarison in the ull market, hih is a basis or the analysis throughout the aer Partial Market ase In this setion, ith endogenous untionality, e derive the otimal seurity quality in the artially overed market and disuss hy obtaining lear-ut ull market ondition is diiult onsider no liability ase irst In setion 33, e derive the otimal seurity quality and rie, The eeted roit at the otimal aθ θ aθ qp and P V a 8tV 8tV q P and P is a a Eπ θ θ θ 4 4 64tV 4 P V onsider the irst stage at hih the vendor hooses otimal untionality The irst order 87

ondition or V is 4 EπP θ a θ 0 V 4 64tV The seond order ondition or V is Eπ V a θ 3tV 4 P > 0 3 imilar to the ull market ase, the eeted roit is maimized at boundary values o V aθ ote that the solution to the irst order ondition is Thus, 4 t V V aθ V V aθ VP V i < and VP V i > 4 t 4 t earranging the above onditions yields tv V aθ a> VP V and qp θ 8tV tv V aθ a< VP V and qp θ 8tV o, e eamine the ase ith liability In setion 34, e sho that and that the otimal seurity quality is as ollos: P Vθ a q a avθ qp 0 and a > tv and > a 4tV a avθ qp and a > tv and < a 4tV a avθ qp hen a< tv a 4tV ase : Boundary olution q P 0 ote that the eeted roit at the otimal rie, P Vθ a q is 88

Eπ P Vθ a q tvq 4V ine q 0, P Eπ P Vθ a Going through algebra shos the olloing otimal 4V untionality: ase : Boundary olution q V V a V V a VP V i < and VP V i > θ θ P In this ase, the eeted roit is given by Eπ P Vθ tv 4V ine the roit untion is linear in V, the otimal untionality is V V i θ > t and V V i < θ < t P P ase 3: Interior olution q a a avθ 4tV P The interior ase is not trivial The eeted roit at the otimal seurity quality is a avθ a avθ P θ Eπ V a tv 4V a 4tV a 4tV Let a avθ K V K V KV, K V, and K V Then a 4tV V V The otimal untionality denoted by seond order onditions: 4 Eπ P Vθ a a K V a tvk V 4V V P is V hih satisies the olloing irst order and 89

Eπ P θ a 4 4 a a a a akvk V tv akv t K V θ KV 0 V 4 4V 4V 4V V V Eπ P a 4 4 4 a K V tv a K V K V tv 4 a K V K V t 3 V V 4V 4V 4V 4 a akv K V θ a ak V a akv a < 0 3 3 V V V V In this setion, e sho that roit maimization untion or a monoolist sotare vendor in the artial market ase ith liability may have an interior solution or V unlike other ases that lead to boundary solution ine the otimal untionality or the interior q P ase is not trivial, obtaining lear-ut ull market ondition is not tratable 37 onluding emarks Lo quality o sotare has been blamed or oor seurity o omuter netorks in the sense that the deets o oorly ritten sotare are eloited by maliious hakers to attak the omuter systems As an inentive mehanism or sotare seurity quality imrovement, sotare liability has been intensely disussed among omuter sientists, jurists and oliy makers Armour and Humhrey 993, Harmon 003, Hekman 003, yan 003, hneier 004, Varian 000 Unortunately, not muh researh has been done on this issue rom an eonomi ersetive In this aer, e analyze the sotare market dominated by a monoolisti vendor, and investigate hether imosing liability motivates the monoolist to imrove the seurity quality o the sotare, and makes the ustomers and the entire soiety better o We model the ase here the vendor ouses on seurity quality imrovement and both the vendor and ustomers are ully aare o seurity issues In other ords, both arties have rational eetations o the loss aused by seurity breahes o the sotare Unlike diret ontratual 90

risk-sharing that may imose artial liability on the vendor, e eamine the legal and uniorm liability that makes the vendor ully resonsible or the entire loss inurred by seurity breahes o its sotare We identiy the ators that aet the monoolist s deision on the seurity quality We determine the onditions under hih the monoolist has inentive to over the ull market We ind that high marginal illingness to ay leads to ull market overage hen the ustomers are resonsible or the entire risk One liability is imosed on the monoolist, ull market overage obtains or any level o marginal illingness to ay deending on onditions Our elare analysis shos that the soial lanner oers higher seurity quality in the market ithout liability than ith liability and that seurity quality is underrovided by the monoolist in the market here ustomers are resonsible or the entire risk, hile soially otimal level o seurity quality is oered one liability is imosed on the monoolist Interestingly, our results indiate that imosing liability may disourage the monoolist imroving seurity ontrary to seurity ratitioners eetation, hereas onsumer surlus is higher ith a liability mehanism When the marginal illingness to ay is relatively lo, the liability mehanism leads to higher soial surlus Finally, e onsider the ase here ustomers have oor seurity aareness We ind that the liability mehanism leads to higher seurity quality as ell as higher onsumer surlus hen ustomers are not ully aare o seurity issues, and thus underestimate the assoiated risk Then e analyze our model ith endogenous sotare untionality We ind that endogenizing sotare untionality as ell as seurity quality does not aet our basi results everal limitations o our study deserve urther disussion First, our model does not onsider ath management hih an be an alternative ay o ahieving seurity etting u a 9

multi-eriod model and analyzing ho the endogenous athing quality an aet the initial seurity quality ill be an interesting question or uture researh eond, the imliit assumtion in our model is that the eeted loss an be estimated Hoever, this is not an easy roblem Quantiying loss itsel is a hard roblem and many researhers have been orking on this issue, but there is no standardized method as yet eurity eerts argue that the rerequisite or the sotare liability mehanism is measuring the loss and estimating the likelihood esite these limitations, our aer ontributes to the literature in the olloing ays First, our aer analyzes the roblem o sotare liability rom an eonomi ersetive here not muh eonomi researh has been done on this issue although it has been intensely argued by omuter sientist, jurists, and oliy makers eond, e rovide a lear iture o the sotare market, and give a guideline to managers and oliy makers ho try to make sotare seure Our results hel oliy makers deide hih mehanism they need to hoose under ertain onditions Third, our aer elains the huge seurity investment o the monoolisti sotare vendors by identiying the ators that aet the vendors deision on seurity quality suh as baseline utility o the sotare rodut, seurity aareness o the ustomers, and the otential threat to be liable or the loss aused by the sotare vulnerabilities 9

Aendi Proo o Proosition Let Y L q Then q, V Y L q L q,, L q q V L q q V q q, V q, V q, V L q q, V ote that the ost untion is onve and the loss untion is onve That is, q, V > 0, q, V > 0, L q < 0, and L q > 0 Thus, L q L q q, V < 0, < 0, and > 0 q, V L q q, V Y L q Thereore, > 0, that is, q q, V inreases ith q eall that L q L q and q, V q, V F F F θ F L q ine q, V inreases ith q, q > q i θ > Otherise θ <, q F F F q F < QE Proo o Proosition Let k a/ t Then qp θ qp aθ qp aθ >0, >0, and <0 k 8V θ 4tV V 8tV Assume that a< tv q P Then θ av < 4tV a >0 sine a 4 tv uose that a> tv Then a a a a avθ > qp 4tV 0 avθ < qp 4tV a ase : High Marginal Willingness to Pay θ > V 93

a avθ ine a 4tV > 0 and a avθ < 0, < 0 < a 4tV Thus, q P ase : Medium Marginal Willingness to Pay tv a < θ < V The onditions or boundary solutions an be arranged as ollos: a avθ 4 tv >0 q 0 P a avθ 4 tv <0 q P onsider the equation: a avθ 4tV 0 The solution to the equation is either V θ θ 4 t or V θ θ 4 t ine a> Vθ by assumtion, a V t > θ θ 4 Thus, a > V θ θ 4 t q 0 P Vθ < a< V θ θ 4 t q P ase 3: Lo Marginal Willingness to Pay θ < tv ote that θ 4t < 0 Thus, a avθ 4tV > 0 Thereore q 0 QE P Proo o Proosition 3 In setion 33, e sho that the ull market ondition ithout liability is θ > uose that a< tv Then the otimal quality is an interior solution ote that ull market overage obtains hen θv V a 4 tv a Vθ 4atV a 4tV 0 ase : High Marginal Willingness to Pay t θ > ote that a 4tV < 0 The ull market ondition an be ritten as θv V a 4 tv a Vθ 4atV 0 a atv tv θ 0 94

onsider the equation: a atv tv θ 0 The solutions are 4 4 a tv θ and a tv θ t t t t ote that t 4 θ > θ < 0 Thus, a and a do not eist, meaning that the ull t t market ondition alays holds: a atv tv θ > 0 t ase : Medium Marginal Willingness to Pay < θ < t 4 4 ote that < θ < Thus, 0< θ < 0< a_ tv θ tv t t < t t Then a 4tV < 0 The ull market ondition is a atv tv θ 0 The monoolist overs the ull market hen a a or a a Thus, the ull market onditions are: a > tv, a 0,Min{ tv, a } a < tv, a 0, a or a a, tv ase 3: Lo Willingness to Pay < θ < ine < θ <, 4 < θ < Then e have t t t 4 tv θ < 0 a < 0 t t ote that a 4tV < 0 The ull market ondition is a atv tv θ 0 The monoolist overs the ull market hen a < tv and a a, tv Thereore, the monoolist has an inentive to over the ull market or any level o marginal illingness to ay QE Proo o Proosition 4 ote that q a θ a and q Let k a/ t Then tv tv F F 95

qf θ qf a θ qf a >0, <0, >0, k V V tv θ tv and qf q >0, F a <0 k V V tv QE Proo o Proosition 5 a θ a ote that q F and qf Thus, tv tv q F a θ i, and tv a q F i tv o matter hih mehanism is adoted in the market, the monoolist overs the ull market hen t θ >, a 0, tv t < θ <, a > tv, a 0,Min{ tv, a} t < θ <, a < tv, a 0, a or a a tv here 4 4 a tv θ and a tv θ t t t t ine θ, a < qf qf tv a a θ a qf qf tv tv tv a θ a θ a < qf qf tv tv tv Thereore, q F q F Also, note that θ V a q and F F θ V F Then a q ine F F F q F is bounded by, a q F 0 Thereore, F F 96

eall that a θ EπF θ V a and 4tV a Eπ F θ V a Thus, 4tV a EπF Eπ F a θ θ Thereore, 4tV 4tV EπF < EπF i < θ < Otherise a 4tV θ >, a Eπ F Eπ F > QE Proo o Proosition 6 eall that the monoolist overs the artial market ithout liability hen < θ < With liability, ull market obtains or any< θ <, hen the olloing onditions hold: 4 a < tv and a a, tv here a tv θ t t uose that < θ <, and that he ull market ondition holds or the ase ith liability ote that q aθ a and ine< θ <, 8tV tv P qf q aθ a < QE 8tV tv P qf Proo o Proosition 7 The monoolist overs the ull market no matter hether liability is imosed or not i the olloing onditions hold: t θ >, a 0, tv t < θ <, a > tv, a 0,Min{ tv, a} t < θ <, a < tv, a 0, a or a a tv 97

here 4 4 a tv θ and a tv θ t t t t ote that θ > Thus, q a θ a > q tv tv P P a θ a θ Then the olloing omletes the roo: a q F < qp and qf qp tv tv tv QE Proo o Proosition 8 ote that a θ V F F tv a θ a a θ < F F <0 tv tv < F F Thus, F F In Proosition 5, e sho that 4tV EπF < EπF i < θ < Thereore, a 4tV < i < θ < QE a F F Proo o Proosition 9 ote that qf qf ar θ Thus, tv a qf < q F hen r < QE θ 98

eerenes Armour, J, W Humhrey 993 otare Produt Liability Tehnial eort MU/EI- 93-T-3 otare Engineering Institute arnegie Mellon University Arora, A, J aulkins, Telang 006 ell First, Fi Later: Imat o Pathing on otare Quality Management iene 53 465 47 Ernst & Young 004 Global Inormation eurity urvey 004 htt://eyom Fisher, 00 ontrats Getting Tough on eurity eweek Aril 5 Fisk, M 00 auses & emedies or oial Aetane o etork Inseurity st Worksho on Eonomis and Inormation eurity, Berkeley, A Harmon, A 003 igital Vandalism urs a all or Oversight e York Times etember Hekman, 003 To Vies on eurity otare Liability: Using the ight Legal Tools IEEE eurity & Privay 73 75 Mussa, M and osen 978 Monooly and Produt Quality Journal o Eonomi Theory 8 30 37 onnen, U 99 Minimum Quality tandards, Fied osts, and ometition A Journal o Eonomis 490 504 yan, J 003 To Vies on eurity otare Liability: Let the Legal ystem eide IEEE eurity & Privay 70 7 ager, I, J Green 00 The Best Way to Make otare eure: Liability Business Week Marh 8 6 hneier, B 004 Inormation eurity: Ho Liable hould Vendors Be? omuterorld Otover 8 99

ene, M 975 Monooly, Quality, and egulation Bell Journal o Eonomis 6 47 49 ene, M 977 onsumer Miseretions, Produt Failure and Produer Liability The evie o Eonomi tudies 443 56-57 Yurik, W, oss 00 yberinsurane: A Market olution to the Internet eurity Market Failure st Worksho on Eonomis and Inormation eurity, Berkeley, A Varian, H 000 Managing Online eurity isks e York Times June Verton, 003 otare Failure ited in Blakout Investigation omuterorld ovember 4 Zetter, K 00 Three Minutes With eurity Eert Brue hneier PWorld etember 8 00

4 Priing Oen oure otare 4 Introdution Oen oure otare O is sotare or hih the soure ode is available to the ubli, enabling anyone to oy, modiy and redistribute the soure ode Varian and hairo 003 ommerial sotare, by ontrast, is sotare that is distributed under ommerial liense agreements, usually or a ee Oen soure as a servie mark o the Oen oure Initiative OI, a non-roit organization that ontinues to rovide an oiial Oen oure einition Aording to OI deinition, oen soure sotare is sotare hose soure ode an be reely modiied and redistributed The redistribution rights do not relude a omany selling suh sotare or roit eently, oen soure sotare is getting more attention rom not only sotare develoers but also users inluding governments and large enterrises Aording to the Eonomist 003, many ountries in Euroean Union and Asia are unding oen soure sotare initiatives outright For eamle, Jaan announed that it ould ollaborate ith hina and outh Korea to develo oen soure alternatives to Mirosot s sotare, and it has already alloated nine million U dollars to the rojet Aording to BB, the Brazilian government announed that it ould adot oen soure sotare As a result, Brazil s government ministries and state-run enterrises are abandoning Windos in avor o oen soure sotare, like Linu Kingstone 005 Oen soure adotion is rising in the industry setor as ell A reent survey by Forrester esearh shos that 46 erent o the 40 orth Amerian irms ere using oen soure sotare and 4 erent had a lan to use it in 004 In 005, oen soure usage as even higher Among 8 The Oen oure einition htt://oensoureorg/dos/deinitionh 0

resondents, 56% ere using oen soure sotare and 9% ere lanning Gloude 005 Eseially, Linu is identiied as the most idely used oen soure sotare and other idely adoted oen soure sotare inludes Aahe, MyQL, and JBoss Why are irms using oen soure sotare? The Free/Libre and Oen oure otare FLO urvey 00 ound that enterrises are adoting oen soure sotare on the grounds o higher stability, ost savings, and leibility due to the oen and modiiable soure ode Wihmann 00 Indeendene rom riing and liensing oliies o big sotare omanies and better availability o IT seialists are also onsidered to be motivations or oen soure sotare usage Another survey by the International ata ororation I shos that irms are using oen soure sotare beause o its quality and leibility, rather than merely onsidering it "good enough" beause it is ineensive Broersma 005 uh irms onsider the ustomizability o oen soure sotare to be imortant sine they believe that vendors o reakaged, rorietary sotare routinely donlay the ustomizability o oen soure sotare, arguing ustomers are not interested in etending sotare untions themselves On the other hand, a user survey by Forrester esearh inds that the to barriers to oen soure adotion by irms inlude the lak o suort and the availability o aliations eid 004 omanies are also onerned about not having skilled orkers to suort or use oen soure aliations, liensing osts, and seurity Another survey by Atuate, onduted in 006, relets oinions rom 4 resondents in the inanial servies setor It shos that the majority o resondents ited the availability o long term suort 58% as the main barrier to adoting oen soure sotare and the availability o long-term maintenane as a lose seond-lae barrier 447% The beneits inlude ost savings 55%, vendor indeendene 493% and leibility 47% Marthy 006 0

Lately a ne movement in the oen soure sotare industry has been observed As some oen soure sotare roduts beome oular and their market shares aroah ritial mass, the vendors o suh sotare seek to aitalize on the ubliity and oularity o their sotare roduts To aroahes have been suessul in ommerializing oen soure sotare: the dual-liensing model and the suort model With the dual-liensing model, a sotare vendor oers the very same sotare under to dierent lienses Oen soure liense allos the liensees to modiy, distribute, and use the sotare or ree, but it requires the release o any modiiations under the same oen soure liense The ommerial liense ermits using and develoing the sotare under standard ommerial terms MyQL and Oenoie are the eamles o the dual-liensing model A seond aroah is the suort model, hih allos users to get the sotare or ree, but the sotare vendor harges users or suort Although the viability o this model is still questioned, ed Hat and JBoss have been suessul ommerializing their roduts by adoting the suort model There is a lively debate going on among industry eerts about the viability and the salability o the ommerial model o the oen soure sotare Mozar 005, Vaughan-ihols 005 To our best knoledge, no aademi researh has eamined the issue o oen soure sotare riing rom an eonomi ersetive In this aer, e eamine the otimal riing strategies o both the ommerial and the oen soure sotare vendors and ind the onditions under hih a or-roit oen soure riing model is viable We onsider only the businesses as the ustomers in this aer sine most o the roitable ustomers o or-roit oen soure sotare are not individuals but irms Our model atures to soures o ustomer heterogeneity in their valuation o sotare: taste and teh-savviness ustomers value the same sotare dierently For eamle, a omany in an industry using inormation tehnology 03

heavily may have higher valuation o the sotare than other irms sine a signiiant ortion o their business may deend on inormation systems oered by the sotare Taste arameter atures this heterogeneity in ustomer taste We onsider to tyes o ustomers in terms o their teh-savviness Along ith ost savings, beneits rom ustomizability and leibility are onsidered as the to reasons or oen soure adotion When an in-house IT management team ith skilled orkers is available, the irm an enjoy suh beneits sine it has the aability o ustomizing and managing the oen soure sotare When a irm does not have suh aability o managing tehnology, oen soure sotare inurs signiiant suort ost, hih is ited as the main barrier to oen soure adotion We onsider the irms ith a strong in-house IT management team to be high-tye ustomers and the others to be lo-tye ustomers eleting reality, e assume that high-tye ustomers enjoy beneit rom leibility and ustomizability hereas lo-tye ustomers suer rom suort ost hen they use oen soure sotare We omare three dierent riing mehanisms: ommerial sotare, oen soure dualliensing, and oen soure suort We irst eamine the otimal riing strategies or eah riing sheme under monooly setting We ind that the monooly rie or oen soure sotare under dual-liensing is higher than the ommerial sotare rie, hene higher roit, i the total leibility beneit or the high-tye ustomers is higher than total suort ost or the lo-tye ustomers Under the suort model, the oen soure vendor harges or suort at higher rie than the ommerial sotare rie, but it makes loer roit than the ommerial sotare vendor Then e investigate hether the oen soure sotare vendor reers a ertain riing mehanism in the monooly market Our result shos that the dual-liensing model is more roitable hen the dierene beteen leibility beneit and suort ost eeeds a ertain threshold Otherise, the oen soure vendor reers the suort model The otimal 04

hoie beteen the dual-liensing model and the suort model also deends on other ators suh as marginal ost or suort and roortion o the high-tye and lo-tye ustomers Our aer an give guidelines to the oen soure sotare vendors that may have diiulty in making riing deision in the urrent environment We etend our model to a duooly ometition setting The irst senario models ometition beteen a ommerial sotare vendor and an oen soure sotare vendor ith a dual-liensing model We analyze the otimal riing strategies o eah sotare vendor We ind the onditions under hih an equilibrium eists At equilibrium, the ommerial and the oen soure sotare vendors slit the market The oen soure sotare vendor ith a dualliensing model serves high-tye ustomers only, harging higher rie than the ommerial sotare vendor that overs the lo-tye segment Our result roves the viability o the dualliensing model o the oen soure sotare in the resene o ometition ith ommerial sotare et, e study the duooly sotare market hen there is ometition beteen a ommerial sotare vendor and an oen soure sotare vendor ith a suort model The roitability o the suort model has been questioned sine all the ustomers an get the sotare or ree and the vendor an sell its suort only to the ustomers in need, ho are lotye ustomers in our model We ind that the ommerial sotare vendor ometing against the oen soure suort model harges rie equal to the oen soure vendor s marginal ost or suort With this riing strategy o the ommerial sotare vendor, the suort model brings zero roit to the oen soure sotare vendor Then, e eamine the ase o quality asymmetry Interestingly, e ind that the oen soure suort model is viable in the resene o quality asymmetry no matter hether the quality o the oen soure sotare is higher or loer than the ommerial sotare quality The ase o the 05

oen soure sotare ith higher quality is reasonable The oosite ase is interesting in the sense that the oen soure sotare ith loer quality is roitable hile the oen soure sotare ith the same quality as the ommerial sotare is not This an be elained as market eansion or the ommerial sotare When both vendors oer the same quality sotare the high-tye ustomers have no inentive to buy the ommerial sotare sine the oen soure sotare is ree and they do not need any suort Hoever, hen the ommerial sotare is suerior to the oen soure sotare, some high-tye ustomers may buy the ommerial sotare, imlying that the ommerial sotare vendor an target suh high-tye ustomers as ell We generalize our model to relet hat haens in the real-orld database and oerating systems markets We model the dierent soures o the beneit rom dierent oen soure sotare For eamle, ustomers may enjoy ustomizability o oen soure aliation hile they may beneit indeendene rom an established ommerial sotare latorm by adoting oen soure oerating systems Motivated by real-orld henomenon, or eamle, Google, hih is a teh savvy ustomer o ed Hat s suort model, e assume that suort ost may inur to both tyes o ustomers We set u a to-eriod game to study the role o sithing ost that ustomers ae hen they sith rom established ommerial sotare to oen soure sotare We ind that neither the dual-liensing nor the suort model is viable hen the sithing ost is large When the sithing ost is loer than a ertain threshold, sotare vendors slit the market in the seond eriod in a ay that the ommerial sotare serves lotye ustomers and the oen soure sotare vendor overs high-tye segment Interestingly, our results sho that the oen soure sotare ith suort may dominate the market in the seond 06

eriod hen the vendor indeendene beneit eeeds sithing ost Our study identiies the onditions under hih eah oen soure riing model is viable Finally, e disuss viability o oen soure suort model under threat rom large sotare vendor s entering the suort servie market Insired by the Linu suort servie market here Orale reently started selling suort servie or Linu distributed by ed Hat, e model the oen soure suort servie market in order to investigate hether an established sotare vendor s move hurts an oen soure sotare servie rovider by sharing the same ustomer base or hels it by eanding the market and making the oen soure sotare an industry standard We ind that ed Hat s business model is hurt by Orale move hen the intensity o netork eternality is lo In this ase, ed Hat s ometitor, ovell an be better o or orse o ith Orale deending on onditions When ustomers value the size o the netork, our results sho that Orale move an allo ed Hat to make more roit in the oligooly market ith Orale than it makes in the duooly market ithout Orale In the resene o large netork eternality, Orale move hurts ovell hile it may hel ed Hat It is interesting in the sense that Orale s targeting ed Hat makes ed Hat Linu an industry standard and hurts ovell s business hen ustomers enjoy relatively high beneit rom a large netork The rest o the artile is organized as ollos We disuss the related literature in etion 4 We resent our model in etion 43 and eamine eah o the three riing mehanisms under monooly in etion 44 In etion 45, e etend our model to a duooly ometition beteen a ommerial sotare vendor and an oen soure sotare vendor ith eah o the oen soure riing models We generalize our model and study the role o sithing ost in etion 46 In etion 47 e disuss the viability o oen soure suort model under threat rom an established sotare vendor etion 48 onludes the aer 07

4 Literature evie This aer is relevant to to streams o researh: inormation goods riing, and the eonomis o the oen soure sotare The issue o inormation goods riing been etensively studied in the domain o inormation systems ean and Mendelson 990 eamine the otimal riing oliy and aaity investment strategy in the ontet o AP in the resene o nonlinear delay osts Mendelson and Whang 990 study the issue o riing omuter servies under asymmetri inormation or queues While the eeted mean delay is identiied as a ritial ator that aet onsumers utility ean and Mendelson 990; Mendelson and Whang 990, Makie-Mason and Varian 995 argue that hat onsumers ares about is hether their akets are eventually transmitted, not the delay Westland 99 eamines the otimal riing o inormation systems in the resene o netork eternalities Guta et al 997 develos a model hih integrates riority-based riing and ongestion-based riing Priing strategies or inormation goods or IT-enabled riing strategies have been idely eamined by researhers in the domain o Inormation ystems uh issues inlude versioning Bhargava and houdhary 00; undararajan 004, bundling Bakos and Brynjolsson 999; huang and irbu 999; Hitt and hen 005, rie disrimination houdhary et al 005; ean et al 003, and rie disersion lemons et al 00 hen and Png 003 eamine inormation goods riing in the ontet o digital rights management This aer aims to make ontributions to the literature o inormation goods riing by irst eamining riing issue o oen soure sotare, hih has not been studied yet Prior literature on oen soure sotare ouses heavily on understanding the motivations o the individual develoers to artiiate in and ontribute to oen soure sotare rojets Fitzgerald and Feller 00; hah 006 von Hiel and von Krogh 003 onsider to models 08

o innovation, rivate and olletive, and argue that ontributors to O rojets get intangible rivate beneits hih are not resent or ree riders, suh as ersonal satisation and learning Franke and von Hiel 003 eamine the motivations o the Aahe rojet artiiants and ind that users desire to satisy their on needs gives inentive or artiiation aymond 999 suggests that the reutation and the status motivate develoers artiiation hile Ghosh 998 argues that enjoyment and reativity matter More reently, emirial studies ith survey data ind that there are a variety o reasons or O artiiation Ghosh et al 00, Hertel et al 003 ossi 004 lassiies various motivations into either intrinsi or etrinsi Others eamine the issue o oen soure artiiation through an eonomi lens and suggest that eisting eonomi theory an artially elain O artiiation Learner and Tirole 00, 00 Hann et al 00 argue that O artiiation is driven by areer onerns, learning, and reutation oberts et al 006 develo a theoretial model to eamine the system o interrelationshi beteen motivations, artiiation, and erormane We vie the motivation or oen soure sotare develoment in a dierent ay rom the eisting literature That is, some oen soure sotare vendors may share the same inentive ith ommerial sotare vendors ho ursue inanial gain Our aer eamines the inentive o oen soure sotare vendors rom an eonomi ersetive and identiies the onditions under hih they an make money rom oen soure sotare Modeling ometition beteen rorietary sotare and oen soure sotare is an emerging issue among researhers ho study oen soure sotare rom an eonomi ersetive aghunathan et al 005 eamine the quality debate in oen soure sotare by setting u an analytial model and sho that oen soure sotare quality is not neessarily loer than ommerial sotare quality asadesus-masanell and Ghemaat 006 analyze a 09

dynami mied duooly in hih a or-roit rorietary sotare vendor interats ith an oen soure sotare vendor that ries at zero in the resene o demand-side learning eets Eonomides and Katsamakas 006 analyze the otimal to-sided riing strategy o a latorm irm and omare industry strutures based on a rorietary latorm suh as Mirosot Windos ith those based on an oen soure latorm suh as Linu From a legal ersetive, some researh disusses the issue o the or-roit oen soure sotare, ith hih the vendor makes roit Gomulkieiz 004, Välimäki 003 The eisting literature assumes that oen soure sotare is ree o harge and does not onsider the ommerial oen soure sotare rom hih the vendors make roit yet Our aer ontributes to the literature in the olloing ays First, this aer is the irst study that eamines the issue o riing or-roit oen soure sotare rom an eonomi ersetive To our best knoledge, no researh has eamined the issue o oen soure sotare riing through an eonomi lens desite the groing interest in the ommerial oen soure sotare among industry eerts and jurists We ind the onditions under hih eah model is viable by identiying the ators that aet the viability o the riing models eond, our result an give riing guidelines to the oen soure sotare vendors, hih is not lear in the urrent state Finally, e model the motivation or and the barrier to oen soure adotion, releting reality Our indings may rovide a better iture o the oen soure sotare market 43 Model We analyze the otimal riing deisions o an oen soure sotare vendor and investigate hether the emerging riing shemes or oen soure sotare are viable in both monooly and duooly ases here the oen soure sotare vendor ometes against a ommerial sotare 0

vendor We onsider to models o oen soure sotare riing: the dual-liensing model and the suort model The dual-liensing model rovides the same oen soure sotare under to dierent lienses: oen soure liense and ommerial liense Users ho ant to donate their soure ode to the Oen oure ommunity an liense their sotare under the General Publi Liense GPL, hih is the most oular ree sotare liense Under the oen soure liense, the liensees an reely modiy, distribute, and use the sotare at no harge On the other hand, any users ho ant to use the oen soure sotare or roit seeking urose must urhase a ommerial liense MyQL and Oenoie are olloing the dual-liensing model Under the suort model, users an get the sotare or ree, but the sotare vendor harges the users or suort ed Hat and JBoss are eamles o suessul oen soure suort model 43 ustomers ustomers in our model are irms, not individual sotare users Potential ustomers divide into to segments A roortion µ o ustomers are tehnially savvy, and e all them high-tye ustomers These ustomers have a aable in-house IT management team We assume that the high-tye ustomers an take advantage o the leibility o the oen soure sotare by ustomizing the soure ode and that their in-house IT management team an handle maintenane so that they do not need any urther suort rom a vendor or a third arty The high-tye ustomers may adot the oen soure sotare not only beause oen soure sotare has ost advantage but also it gives leibility ustomers in the remaining ration µ are lo-tye ustomers that may inur suort ost i they adot the oen soure sotare The lotye ustomers inentive or oen soure adotion may be ost savings only o matter hih segment a ustomer is in, the ustomer does not enjoy any leibility beneit or suer rom

suort ost hen it uses ommerial sotare Within eah segment, otential ustomers are haraterized by their value, v, rom using the sotare We assume that v is uniormly distributed on [0, ], hih leads to a linear demand urve We also assume risk neutrality o the ustomers We onsider to soures o ustomer utility rom oen soure sotare Our model assumes orrelation beteen the value o oen soure sotare value ustomer s tehnology savviness in a ay that any additional beneit that tehnology savvy ustomers enjoy due to oenness o soure ode is atured by leibility beneit In other ords, tehnology savvy ustomers aability o managing and modiying soure ode adds value to the sotare, hih is leibility beneit in our model The orrelation beteen sotare value and tehnology savviness ill lead to marketability o oen soure sotare under ometition against dominant ommerial sotare sine the oen soure sotare an be aealing to some ustomers ho have an in-house IT management team ith skillul orkers This vie is realisti sine most business ustomers o ommerialized oen soure sotare are tehnology savvy irms For eamle, Google, Yahoo, and AA are the ustomers o MyQL, hih is oen soure database 43 otare Priing hemes We eamine a ommerial sotare model and to oen soure riing shemes: dual-liensing model and suort model In this setion, e resent our model and derive ustomer utility and vendor roit under eah o the three sotare riing mehanisms ommerial otare When a ustomer buys the ommerial sotare, her beneit ould be the same no matter hih tye the ustomer is In other ords, ommerial sotare inurs neither leibility beneit nor

suort ost to the ustomer beyond the value o v that the ustomer derives rom using the sotare In reality, the ommerial sotare may inur some level o leibility beneit and/or suort ost, hih is not signiiant omared to the ase o the oen soure sotare In the oen soure riing models, e onsider the relative beneit and ost rom the oen soure sotare in the subsrit means ommerial sotare Let be the rie o the ommerial sotare The ustomer s utility ould be u v Let q be the demand or the ommerial sotare Then the roit or the ommerial sotare vendor ould be π q Oen oure otare: ual-liensing Model We label the high-tye ustomers H and the lo-tye ustomers L The roortion o the hightye ustomers is µ and the remaining roortion µ is the lo-tye segment in the subsrit reresents the dual-liensing model o oen soure sotare When adoting oen soure sotare, a high-tye ustomer enjoys the leibility beneit hereas a lo-tye ustomer suers rom the suort ost Let be the leibility beneit and s be the suort ost denotes the rie o the oen soure sotare ith a ommerial liense The net beneits or a high-tye ustomer and a lo-tye ustomer are as ollos: u u H L v v Let q H and q L be the demand or the oen soure sotare under dual-liensing riing sheme rom the high-tye and the lo-tye segments, resetively The roit or the oen s soure sotare vendor adoting the dual-liensing model ould be π { qh ql} 3

Oen oure otare: uort Model Let in the subsrit reresent the suort model or oen soure sotare Under this riing sheme, the oen soure sotare vendor rovides the sotare at no harge The vendor makes roit by selling its suort servie to the users in need Let be the rie or the suort The net beneits or a high-tye and a lo-tye ustomer are u u H L v v given s ote that is bounded by the suort ost s I eeeds s, no ustomer ould buy suort servie ine the high-tye ustomers use the sotare or ree and ould never ask or any suort, the vendor makes roit rom the lo-tye ustomers only Let q be the demand or the suort We assume that suort and servie inur marginal ost, The roit or the oen soure sotare vendor adoting the suort model ould be π q Table summarizes utility that a ustomer enjoys rom sotare under eah o the three mehanisms Table Utility rom otare High-Tye Lo-Tye ommerial O: ual-liensing O: uort v v v v s v v 4

44 Monooly In this setion, e eamine the otimal riing strategies or eah riing sheme under monooly We omare ries and roits o the three riing models: ommerial, oen soure dual-liensing and oen soure suort We investigate hether eah mehanism is viable hen the sotare vendor monoolizes the market ine a monooly ase is not uninteresting or sotare eg Mirosot, e start ith the monooly ase although it may not be realisti or most or-roit oen soure sotare urrently available in the market 44 Prie ommerial otare ustomers ho get ositive utility ould buy the sotare The demand or the ommerial sotare ould be q dv The roit or the ommerial sotare vendor is π q The irst-order ondition or π is π 0, resulting in the roit-maimizing rie as Oen oure otare: ual-liensing Model The demand or the oen soure sotare rom the high-tye and the lo-tye segments are 5

q q H L s dv dv The oen soure sotare vendor adoting a dual-liensing gets the olloing roit: s π { q H { q L } s} The irst-order ondition orπ is π s 0 Thus, the otimal rie under the dual-liensing model is s Oen oure otare: uort Model Under the suort model, the oen soure sotare vendor makes roit out o lo-tye ustomers only The demand or the suort model ould be q dv The roit or the oen soure sotare is then π q here is the marginal ost or suort The irst-order ondition is π 0 Thus, the otimal rie is 6

44 Proit In this setion, e omare the roits o the three dierent sotare riing models and investigate ho muh roit the oen soure sotare riing sheme brings omared to ommerial sotare We eamine the viability o the oen soure sotare riing models in a monoolized sotare market ote that the ommerial sotare vendor makes the olloing roit at the otimal rie: π 4 The roit or the oen soure sotare vendor ith a dual liensing model at the otimal rie ould be π { { s { s } 4 } s} Finally, ith a suort model, the oen soure sotare vendor makes its roit as ollos: π 4 omarison o the otimal ries leads to the olloing Proosition Proosition : Under monooly, the oen soure sotare ith a dual-liensing model harges higher rie than the ommerial sotare vendor > and makes higher roit π > i the total leibility beneit or the high-tye ustomers is higher than the total π suort ost or the lo-tye ustomers > s Otherise i < s, the 7

ommerial sotare is more eensive < and more roitable π < than the oen π soure sotare ith a dual-liensing model With a suort model, the oen soure sotare vendor rovides suort at higher rie than ommerial sotare rie > and makes less roit π < π Proo ee the Aendi When an oen soure sotare vendor ith a dual-liensing model monoolizes the market, the oen soure sotare rie deends on leibility beneit, suort ost and roortion o high-tye ustomers I the total leibility beneit or the high-tye ustomers eeeds the total suort ost or the lo-tye ustomers, oen soure sotare an be more eensive than ommerial sotare Otherise, oen soure sotare harges a rie loer than ommerial sotare Interestingly, ith a suort model, an oen soure vendor sells its suort at higher rie than the ommerial sotare rie ine the roitable ustomers or the oen soure suort model is only the lo-tye segment, the oen soure vendor s otimal strategy is harging high rie or suort This may ontradit the results rom the survey on motivation or oen soure adotion, hih ites ost advantage on the to o the list In reality, monooly may not be the ase or most or-roit oen soure sotare Proosition shos the otimal riing strategies o the oen soure sotare as a benhmark We also ind that both riing models or oen soure sotare are viable hen the sotare vendor monoolizes the market Then hih riing sheme is better or the oen soure sotare vendor that monoolizes the market? ual-liensing model or suort model? We net eamine the strategi inentive o the oen soure sotare vendor or eah riing sheme and ind the onditions under hih one mehanism is better than the other Proosition : Under monooly, a dual-liensing model is more roitable than a suort 8

model π > hen s > The oen soure sotare vendor makes π more roit ith a suort model than ith a dual liensing model π < hen s < π Proo ee the Aendi Proosition shos the onditions under hih the monoolist oen soure vendor makes a hoie beteen the dual-liensing model and the suort model The result imlies that the dualliensing model is better than the suort model i the total net beneit rom oen soure, hih is the dierene beteen the total leibility beneit and total suort ost, is greater than a ertain threshold I the net beneit does not reah the threshold, the suort model is more roitable than the dual-liensing model ual-liensing Model ual-liensing Model s Fleibility s Fleibility uort Model uort Model uort ost s uort ost s Figure Oen oure Priing under Monooly Figure illustrates the role o the marginal ost or suort and the roortion o the hightye ustomers to the rameork It is shon that the dual-liensing model is reerred in the uer-let region hile the suort model is hosen in the loer-right region As the marginal ost or suort inreases, the region or the dual-liensing model beomes ider This is 9

reasonable in the sense that the suort model is less viable hen the marginal ost or suort is higher The roortion o the high-tye ustomers tilts the line hile the marginal ost shits it As the high-tye segment beomes bigger, the dual-liensing model beomes more reerable This makes sense beause the high-tye ustomers are roitable only to the vendor ith the dual-liensing model Thus, an inrease in the roortion o the high-tye ustomers makes the dual-liensing model more attrative to the oen soure sotare vendor 45 ometition In the real orld, there are suessul eamles o or-roit oen soure sotare ometing ith ommerial sotare With a dual-liensing model, MyQL ometes against Mirosot QL server ed Hat Enterrise Linu, hih is a ommerial version ith suort and servie, ometes against Mirosot Windos In this setion, e study the otimal riing strategies o the ommerial and the oen soure sotare vendors in more realisti ases We etend our model to a duooly ometition setting First, e eamine the ometition beteen a ommerial sotare vendor and an oen soure sotare vendor ith a dual-liensing model Then e study the ase here an oen soure sotare vendor ith a suort model ometes against a ommerial sotare vendor 45 Oen oure otare ith ual-liensing versus ommerial otare eall that a ustomer enjoys the olloing utility by adoting ommerial sotare: u v The oen soure sotare vendor ith a dual-liensing model rovides the olloing beneits to a high-tye ustomer and a lo-tye ustomer, resetively 0

u u H L v v A urther analysis o the ustomer beneits leads to Proosition 3 Proosition 3: In a duooly market ith a ommerial sotare vendor and an oen soure sotare vendor ith a dual-liensing model, the ommerial sotare vendor serves lo-tye ustomers hile the oen soure sotare vendor serves high-tye ustomers An equilibrium eists in the resene o suiient leibility beneit and suort ost and s When leibility beneit is high and suort ost is lo and 0 < s <, the ondition or an equilibrium to eist is as ollos: s s The otimal ries are s and Proo ee the Aendi We ind that a ommerial sotare vendor and an oen soure sotare vendor ith a dualliensing model target dierent segments o the ustomers When they omete against eah other, a ommerial sotare vendor serves the lo-tye ustomers hile an oen soure sotare vendor serves the high-tye ustomers This is onsistent ith the literature on rodut disrimination and versioning in the sense that the high-tye ustomers hoose high-value roduts, oen soure sotare in this ase, sine it rovides leibility beneit in addition to the original value o the rodut to the high-tye ustomers Our indings suort viability o the dual-liensing model or oen soure sotare

45 Oen oure otare ith uort versus ommerial otare We eamine a duooly sotare market here an oen soure sotare vendor ith a suort model ometes ith a ommerial sotare vendor We investigate hether the suort model is viable in this market and eamine the imat o ometition on eah vendor s roit eall that net beneit rom ommerial sotare ould be u v On the other hand, oen soure sotare ith a suort model gives dierent levels o beneit to the ustomers in dierent tyes: u u H L v v given s Proosition 4: In a duooly market ith a ommerial sotare vendor and an oen soure sotare vendor ith a suort model, the ommerial sotare vendor harges rie at the oen soure vendor s marginal ost or suort The ommerial sotare vendor makes a ositive roit π hile the oen soure sotare vendor makes zero roit When the marginal ost or suort is large < <, the ommerial sotare vendor harges its monooly rie Proo ee the Aendi Unlike the dual-liensing model, the oen soure suort model is not viable in a duooly market The ommerial sotare vendor s best strategy is not to allo the oen soure vendor to make any ositive roit by aggressive riing ine there is an asymmetry in marginal ost, the oen soure sotare vendor is not able to survive the ometition Our result shos that the ommerial sotare vendor rovides its sotare at the oen soure sotare vendor s marginal

ost or suort onsequently, the oen soure vendor makes zero roit hile the ommerial sotare vendor is able to make ositive roit Then e eamine the dierent quality ase and study ho asymmetry in quality aets the viability o the oen soure sotare suort model hen both vendors deide their ries simultaneously Let be the quality dierene arameter, hih is a roortion o the value o the ommerial sotare to the value o the oen soure sotare We assume that quality is the only ator that aets the value o sotare We use sotare value and sotare quality interhangeably Then the ustomer s utility rom the ommerial sotare ould be u v eall that the net beneit rom the oen soure sotare ith a suort model is u u H L v v given s There are to ossible ases o asymmetri quality The ommerial sotare oers higher quality than the oen soure sotare > and the oen soure sotare quality is higher than the ommerial sotare 0 < < We start ith the ormer ase ase : Better ommerial otare > High-Tye ustomers ote that u u v v The ustomer in the high-tye segment ould buy the H ommerial sotare u u > 0, ie v > ine >, H 0 < v < < v < Buy ommerialsotare Get oen soure sotare or ree 3

4 Thus, the demand or the ommerial and the oen soure sotare ould be 0 and H H dv q dv q Lo-Tye ustomers The ustomer in the lo-tye segment ould buy the ommerial sotare, > 0 L u u ie v > ot buy any sotare 0 Get oen soure sotare and buy suort Buy ommerialsotare < < < < < < v v v Thus, the demand or the ommerial and the oen soure sotare ould be and L L dv q dv q The roit or the ommerial vendor is } { } { L H q q π The irst-order ondition is 0 } { π The roit or the oen soure sotare vendor omes rom only lo-tye ustomers Thus,

5 L q π The irst-order ondition is 0 π olving or the olloing equations give otimal ries 0 0 The otimal ries are 4 and 4 } { ase : Better Oen oure otare 0 < < High-Tye ustomers ote that 0 < v v v u u H Thus, high-tye ustomers alays hoose the oen soure sotare When the oen soure sotare rovides higher quality than the ommerial sotare, both sotare vendors target the lo-tye ustomers only Lo-Tye ustomers The ustomer in a lo-tye segment ould buy oen soure sotare, > 0 L u u ie v >

6 ot buy any sotare 0 Buy ommerialsotare Get oen soure sotare and buy suort < < < < < < v v v Thus, the demand or the ommerial and the oen soure sotare ould be L L dv q dv q The roit or the ommerial sotare vendor is } { L q π The irst-order ondition is 0 } { π The roit or the oen soure sotare vendor is L q π The irst-order ondition is 0 π olving or the olloing equations give otimal ries 0 0 The otimal ries are 4 7 and 4 7

A urther analysis o the ries leads to the Proosition 5 Proosition 5: In a sotare market here the ommerial sotare vendor rovides higher quality than the oen soure sotare ith a suort model >, the ommerial sotare vendor harges more or the sotare and the oen soure sotare vendor harges more or the suort as the quality dierene beteen the ommerial sotare and the oen soure sotare inreases The rie dierene inreases ith the quality dierene When the oen soure sotare quality is higher than the ommerial sotare 0 < <, the oen soure sotare vendor harges more on suort as the 3 quality dierene inreases When the marginal ost or suort is lo 0 < <, 4 ommerial sotare rie inreases ith quality dierene 3 Otherise < <, ommerial sotare rie dereases ith quality 4 dierene Proo ee the Aendi Proosition 5 shos that the oen soure suort model is viable in the resene o quality asymmetry o matter hether the quality o the oen soure sotare is higher or loer than the ommerial sotare, the oen soure sotare vendor makes roit ith a suort model in a duooly market When the oen soure sotare has higher quality, it is reasonable that the oen soure sotare is roitable The oosite ase is interesting in the sense that the oen soure sotare ith loer quality is also roitable although e ind that the oen soure sotare ith same quality as the ommerial sotare is not This an be elained as the 7

market eansion o the ommerial sotare vendor When the quality is idential or both vendors, the high-tye ustomers have no inentive to buy the ommerial sotare, sine the oen soure sotare is ree and they do not need any suort Hoever, hen the ommerial sotare oers higher quality than the oen soure sotare, some high-tye ustomers ill be illing to buy the ommerial sotare, thereore, the market or the ommerial sotare is eanded a Better Oen oure otare < b Better ommerial otare > Figure otare Prie and Proit Figure illustrates the otimal ries and roits ith reset to the quality dierene Unlike the ase o symmetri quality, the oen soure sotare vendor ith a suort model an make ositive roit in the resene o quality asymmetry Even hen the oen soure sotare rovides orse quality, the oen soure sotare vendor makes a thin but ositive roit As mentioned earlier, this an be a result o market eansion This quality dierene an be one ossible ay to elain the suessul oen soure suort model by some oen soure sotare vendors suh as ed Hat and JBoss Our indings suort the viability o the oen soure sotare suort model 8

46 ometition in the Presene o ithing ost ommerializing oen soure sotare is a airly ne idea hih is not revalent in a real-orld sotare market yet Unless an oen soure sotare vendor reates a market by introduing totally ne sotare, it annot hel aing ometition against an eisting ommerial sotare vendor hih already dominates the market In that ase, the otential ustomers ho onsider buying ommerialized oen soure sotare need to onsider the etra ost that inurs hen they sith rom the ommerial sotare that they are amiliar ith to the oen soure sotare, as ell as the rie they ay or the sotare Eonomists all suh etra ost sithing ost In order to relet reality, taking sithing ost into aount is imortant This is irst issue e bring in this setion to enrih our model and eamine hat haens in reality eond, e onsider to dierent ases hih are reresentative o the real-orld oen soure sotare market We hoose to senarios so that they an ully over the oen soure sotare market in terms o both riing models and sotare harateristis As disussed earlier, to riing mehanisms to sell oen soure sotare have been available: dual-liensing model and suort model MyQL is a suessul eamle o ommerializing oen soure sotare under dualliensing mehanism and ed Hat Linu is a ase o suort model otare harateristis ise, e over to dierent ategories One is aliation sotare, and the other is oerating systems sotare The soure o beneit is dierent in that ustomers are likely to enjoy modiiability o oen soure aliation sotare hereas oen soure oerating systems sotare like Linu allo leibility and vendor indeendene beneit In this setion, e eamine to senarios hih an serve as reresentative ases o the real orld oen soure sotare markets The irst ase is insired by the ometition in the database management systems sotare market here oen soure MyQL ometes ith Mirosot QL 9

erver This senario relets a market ith oen soure aliation sotare under dualliensing model The seond ase models oerating systems sotare market here ed Had Linu is threatening Mirosot Windos, hih atures a market ith oen soure oerating systems sotare under suort model In both senarios, e eamine the role o sithing ost in the ometition beteen oen soure sotare and ommerial sotare We aim to have enough insights rom these to senarios sine they an reresent the real-orld sotare markets ith ometition beteen roit-seeking oen soure sotare vendor and dominating ommerial sotare vendor suh as Mirosot By onsidering the ators that aet viability o ommerial oen soure sotare suh as sithing ost and soures o beneits to oen soure ustomers, our analysis an rovide managerial insights to oen soure sotare vendors ho may ant to ursue roit, ommerial sotare vendors ho may ae a threat rom oen soure sotare, and the ustomers ho ant to make a right deision beteen oen soure and ommerial sotare In this setion, e generalize our model and eamine the ase o to-eriod ometition in the resene o sithing ost In etion 6, e model the ometition beteen a ommerial sotare vendor and an oen soure sotare vendor ith a dual liensing model in the resene o sithing ost eg ometition beteen Mirosot QL server and MyQL In etion 6, motivated by the ometition beteen Mirosot s Windos and ed Hat Linu, e study the ometition beteen ommerial sotare and oen soure sotare ith a suort model Our generalized model relets reality better than the basi model in the olloing ays First, e identiy and model the dierent soures o O beneit ustomers enjoy dierent beneit rom dierent oen soure sotare For eamle, MyQL may rovide ustomizability hile Linu may allo latorm indeendene eond, e eamine the role o sithing ost by setting u a 30

to-eriod game In reality, a or-roit oen soure sotare vendor oten enters the market that has been dominated by a monoolisti ommerial sotare vendor In an eletroni market suh as a sotare market, vendors oten lay a strategy to lok in their ustomers by reating sithing ost hen and Hitt 00 Third, in ontrast to the basi model here only lo-tye ustomers inur suort osts, e assume that oen soure sotare may inur both leibility beneit and suort ost to both high-tye and lo-tye ustomers to relet the reality better For eamle, ed Hat announed that Google oerates its searh engine and all o its omuting untions on a luster o more than 4,000 Ps running ed Hat and that Google is one o the large ustomers o the ed Hat Linu suort model This imlies that tehnially savvy irms suh as Google, may suer rom suort ost as ell 46 Mirosot QL erver versus MyQL We model the ometition beteen ommerial and oen soure sotare ith a dual liensing model Figure 3 visualizes the struture o the game Period Mirosot QL erver Prie Value v High Tye Value v-t Modiiability m uort ost s H ithing ost ustomers Period Prie Value v - Prie Lo Tye Value v-t uort ost s L ithing ost Mirosot QL erver MyQL Figure 3 Mirosot QL erver versus MyQL 3

Period : ommerial otare Only ommerial vendor introdues sotare at rie or eriod liensing ustomers deide hether or not to buy the sotare The demand or ommerial sotare is determined Period : ommerial versus Oen oure Period game is based on the ustomers ho urhased ommerial sotare in eriod An oen soure sotare vendor rovides sotare at rie or eriod liensing A ommerial sotare vendor observes the O rie and then oers sotare at rie or eriod liensing ustomers hoose either o the olloing strategies tay ith the ommerial sotare and ay ith to oen soure sotare and inur sithing ost ithing ost deends on the sale arameter and the market size Eit, ie, do not buy any sotare In this game, a ustomer has our strategi hoies A ustomer an buy ommerial sotare in both eriod and, or buy ommerial sotare in eriod and sith to oen soure sotare in eriod O It is also ossible that the ustomer ho buys the ommerial sotare in eriod hooses not to buy any in eriod X Finally, a ustomer an hoose not to buy any sotare in any eriod XX Industry eerts argue that Mirosot QL server omes ith more eatures than MyQL, suh as omatibility ith AP3 Our model ature this untional deiieny o MyQL by having arameter t MyQL allos high-tye ustomers to enjoy modiiability m But they suer rom suort ost s H I a lo-tye ustomer buys oen 3

soure sotare it inurs suort ost s L We assume that 0 < m t sh <, meaning that net beneit to high tye ustomer does not eeed sum o maimum ossible rodut value and maimum ossible sithing ost ote that, and reresent ommerial vendor s eriod rie, eriod rie, and oen soure sotare vendor s rie, resetively Then hightye and lo-tye ustomers enjoy the olloing utility rom eah hoie O X XX High - Tye v 0 v v v v m t s H Lo - Tye - v 0 v v v v s L ote that a ustomer ho hooses enjoys ositive utility: v 0 and v 0 For suh ustomers, XX and are dominated by omarison o and O is not trivial A high-tye ustomer reers the ommerial sotare to the oen soure sotare i v v > v v m t sh ote that is the eriod demand or the ommerial sotare, hih is, Thus, the above ondition an be ritten as < m t sh A lo-tye ustomer stays ith the ommerial sotare i v v > v v sl hih an be reritten as, < s enote d H m t sh A urther analysis leads to Proosition 6 L Proosition 6: In the resene o high sithing ost > d H, a ommerial sotare vendor sets u its ries to revent ositive roit or an oen soure sotare vendor ith a dual liensing model The otimal irst and seond eriod ries or the ommerial sotare are as ollos: 33

34 4 3 4 3 3 H H H H H H H H d d d d d d d d When the sithing ost is lo H d <, a ommerial sotare vendor serves lo-tye ustomers and an oen soure sotare vendor serves high-tye ustomers by harging olloing ries: 3 3 3 3 s d s d s d s d s d s d s d s d s d s d s d L H L H L H L H L H L H L H L H L H L H L H d H Proo ee the Aendi Proosition 6 shos that the dual-liensing model is not viable hen ommerial sotare is dominating the market and ustomers ae high sithing ost The ommerial sotare vendor sets u the ries not to allo the oen soure sotare vendor to make any ositive roit onsequently, the oen soure sotare vendor does not have any inentive to enter the market In the resene o lo sithing ost, the oen soure sotare vendor rovides its sotare at rie that attrats high-tye ustomers ho are the users o ommerial sotare in eriod As a result, a ommerial sotare vendor and an oen soure sotare vendor slit the market in that a ommerial sotare vendor serves lo-tye ustomers and an oen soure sotare

vendor serves high-tye ustomers Our results rove that the dual-liensing model is viable under ometition against established ommerial sotare i sithing rom ommerial sotare to oen soure sotare does not inur large ost to the ustomers Figure 4 and 5 illustrate the otimal ries and roits at equilibria Figure 4 Prie, Proit and ithing ost High ithing ost Figure 4 shos the otimal irst and seond eriod ries and the roit or the ommerial sotare When the sale arameter or the sithing ost is suiiently large, the ommerial sotare vendor harges lo rie in the irst eriod and inreases its rie in the seond so that it an have a large installed base in the irst eriod and lok in the ustomers in the seond When the sale arameter is relatively small, the ommerial vendor annot inrease sithing ost in the seond eriod eiiently by having a large installed base in the irst eriod Thus, the otimal strategy is to harge higher rie in the irst eriod than in the seond to maimize its roit We also ind that the roit or Mirosot inreases ith the sithing ost arameter 35

Figure 5 Prie, Proit and ithing ost Lo ithing ost The otimal ries and roits in the resene o lo sithing ost are shon in Figure 5 ine ustomers ae lo sithing ost hen they make a deision in the seond eriod, the oen soure sotare vendor sets u the rie that attrats high-tye ustomers The ommerial sotare vendor lays a riing strategy to maimize its irst eriod roit by harging higher rie irst and loering it in the seond The ommerial sotare vendor makes higher roit than the oen soure sotare vendor sine it sells its sotare or both eriods But, unlike the ase o high sithing ost, the oen soure sotare vendor makes ositive roit ith a dualliensing model 46 Mirosot Windos versus ed Hat Linu In this setion, e eamine the oerating systems market here an oen soure sotare vendor ometes against an established ommerial sotare vendor ed Hat Linu is one o the e oen soure sotare vendors that have been suessul in ommerializing its oen soure sotare by adoting a suort model Industry eerts have been doubtul about its viability sine ustomers get the sotare or ree and the vendor only targets the ustomers ho need 36

suort ed Hat roves viability o the suort model Hoever, there is no aademi researh that identiies the onditions that aet viability and salability o the oen soure suort model Figure 6 illustrates the model struture Period Mirosot Windos Prie Value v ustomers High Tye Value v Fleibility ithing ost Prie - Lo Tye Period Value v Prie Value v ithing ost Mirosot Windos Vendor Indeendene k ed Hat Linu Period 3 Mirosot Aliation Oen oure Aliation Figure 6 Mirosot Windos versus ed Hat Linu The struture o the game is similar to the game in etion 46 The hanges made are as ollos First, the soures o leibility beneit are dierent in this game Unlike ustomizability that may be the biggest art o the leibility o aliation sotare suh as database management systems, the oen soure oerating systems allo users to enjoy vendor indeendene, hih is identiied as a major beneit o using Linu by surveys For eamle, Mirosot Windos ustomers need to buy ostly Mirosot-omatible aliations suh as Mirosot Oie But, the Linu ustomers may enjoy lo-ost or ree sotare suh as taroie In our model, Linu adoters realize its vendor indeendene beneit in eriod 3 Parameter k atures the beneit due to indeendene o ommerial latorm It inurs to both 37

tyes o ustomers eond, e generalize our setting in a ay that oen soure sotare may inur suort ost to high-tye ustomers as ell as lo-tye ustomers Goolge, knon as a irm ith advaned tehnology is one o the biggest ustomers o ed Hat s suort model Unlike the oen soure aliation sotare hih may allo tehnology savvy irms to modiy the sotare, Linu may give suh high-tye irms leibility hih may eeed suort ost In this senario, our model still atures suort osts that Linu brings to the ustomers By deinition o high-tye and lo-tye ustomers, high-tye ustomers enjoy beneits more than lo-tye ustomers Third, e normalize the suort ost to lo-tye ustomers to be zero in our model Thus, leibility beneit reresents the additional beneit that high-tye ustomers have omared to the lo-tye ustomers eall that, and reresent ommerial vendor s eriod rie, eriod rie, and oen soure sotare vendor s rie or suort, resetively Then high-tye and lo-tye ustomers enjoy the olloing utility rom eah o ossible hoies O X XX High - Tye v 0 v v v v k Lo - Tye - v v 0 v v v k olving or sub-game eret equilibria leads to the olloing Proosition Proosition 7: When the sithing ost is high > k, a ommerial sotare vendor lays a riing strategy to revent ositive roit or an oen soure sotare vendor ith a suort model The otimal irst and seond eriod ries or the ommerial sotare are 38

39 } { 4} { 3 } { 4} { 3 3 k k k k k k k k In the resene o medium sithing ost k k < <, a ommerial sotare vendor serves lo-tye ustomers and an oen soure sotare vendor serves high-tye ustomers by harging olloing ries: 3 3 3 3 k When the sithing ost is lo k <, both high-tye and lo-tye ustomers sith rom ommerial sotare to oen soure sotare The ommerial sotare vendor sets u monooly rie in the irst eriod, and the oen soure sotare vendor ries at k In the resene o high sithing ost, the results are onsistent ith the ase o the dualliensing model The oen soure sotare vendor annot make any ositive roit ith a suort model either When the ustomers ae medium sithing ost, a ommerial sotare vendor and an oen soure sotare vendor slit the market The ommerial sotare vendor serves lo-tye ustomers and the oen soure sotare vendor serves high-tye ustomers When the sithing ost is lo, interestingly, oen soure sotare dominates the market in the seond eriod All the ustomers sith rom ommerial sotare to oen soure sotare The ommerial sotare vendor maimizes its irst eriod roit by setting u monooly rie This

is interesting in the sense that the oen soure suort model may in the ometition against established ommerial sotare hen sithing ost is lo enough omared to beneits rom the oen soure sotare Our results an elain the suess o ed Hat Linu in the real-orld oerating systems market Figure 7 Prie, Proit and ithing ost High ithing ost Figure 7 illustrates the otimal irst and seond eriod ries and the roit or the ommerial sotare The oen soure suort model is not viable in the resene o large sithing ost onsistent ith the riing strategy under ometition against oen soure ith dual-liensing, the ommerial sotare vendor harges lo rie in the irst eriod and inreases its rie in the seond to maimize its installed base in the irst eriod 40

Figure 8 Prie, Proit and ithing ost Medium ithing ost Figure 8 shos the otimal ries and roits in the resene o medium sithing ost In this ase, the sotare vendors slit the market in the seond eriod in a ay that the ommerial sotare vendor serves the lo-tye ustomers and the oen soure sotare vendor overs the high-tye segment Interestingly, as sithing ost inreases, ries and roits derease or both vendors When the sithing ost is in a medium range, large sithing ost may even hurt the ommerial sotare vendor as ell as the oen soure sotare vendor As sithing ost inreases, both the ommerial and the oen soure sotare vendors loer their ries in order to make u or dereased ustomers utility, resulting in dereased roits Figure 9 Prie, Proit and ithing ost Lo ithing ost 4

The otimal rie and roit in the resene o lo sithing ost are shon in Figure 9 When the vendor indeendene beneit eeeds the sithing ost, the oen soure sotare suort model dominates the market in the seond eriod Our results imly that the oen soure sotare suort model is viable hen oen soure oerating systems adotion brings vendor indeendene beneit that eeeds sithing ost, and inurs suort ost to the ustomers in both segments The ommerial sotare vendor maimizes its roit in the irst eriod by harging monooly rie and does not are about keeing its ustomers in the seond eriod The oen soure sotare vendor loers its rie or suort as sithing ost inreases 47 isussion In Otober 006, Orale announed that it ould rovide tehnial suort or Linu sotare distributed by ed Hat and that its suort ould be at about hal the rie o ed Hat s servie Flynn and Lohr 006 In ater-hours trading, ed Hat s stok lunged 6 erent, or $36, to $95 ine ed Hat makes roit on tehnial suort, the Orale move as seen as a hostile at hih might eventually kill ed Hat s business This vie as shared by many industry eerts suh as harles di Bona, an analyst at anord Bernstein & omany Aording to Orale ress release, Orale as able to oer its Unbreakable Linu rogram or substantially less than ed Had harges or its best suort on behal o its breadth and deth o tehnial eertise, advaned suort tehnologies, and global reah inluding 7000 suort sta in 7 global suort enters hores 006 We believe that better suort and loer suort ries ill seed the adotion o Linu, and e are orking losely ith our artners to make that haen, said Orale EO Larry Ellison The Orale s involvement in the Linu suort servie market targeting ed Hat Linu has 4

been a oular disussion toi among industry eerts ho vie this henomenon as a ossible risk to any businesses making money rom oen soure sotare by selling suort servie In the urrent state o the sotare industry, selling suort servie is the only ossibility to make money rom oen soure sotare hen the oyright to the soure ode is not oned by any entity suh as Linu As mentioned earlier, this suort servie model has been onsidered to be a romising business model hih brings roit to oen sotare vendors Hoever, the roblem is that anyone ould sell suort servie to the ustomers o the same oen soure sine nobody ons the oyright to Linu soure ode As a result, anyone an sit and ait till the viability o a suort servie model or ertain oen soure sotare is roven, and then enter the market selling the suort servie or the same oen soure sotare When it is the large sotare vendor suh as Orale ho may already have a large installed base or selling suort servie and a grou o eeriene emloyees, it an beome a serious threat to the businesses that have been suessul ith its suort servie model This argument may elain the inentives o the established giant sotare vendors ho have been getting involved in oen soure sotare industry as investors or observers Interestingly, some industry eerts do not agree that Orale Linu ill kill ed Hat Kerner 006 argues that Orale may not be able to math the quality o suort servie ith ed Hat s servie beause Orale has seii needs rom ed Hat to better ontrol and onigure the sotare rovided by ed Hat Eseially, ed Hat is on the verge o releasing HEL 5, hih inludes a long list o ne eatures that only ed Hat truly understands and is able to suort For eamle, a Xen virtualization manager and imroved ELinu suort are no aearing in Fedora ore 6 Although Orale may redue ost and oer suort servie at loer rie, the ustomers may need to sariie quality o servie As a result, Orale Linu may not hurt ed 43

Hat as muh as eeted ather, industry eerts argue that it may hurt ed Hat s ometitors suh as ovell ar orse sine Orale is basially making ed Hat Linu as an industry standard Kerner 006 This vie is very interesting in the sense that ed Hat may be better o having a serious ometitor in the market suh as Orale I the beneit rom an eanded netork eeeds the loss rom rie-ut, it may be true that ed Hat ill be better o having Orale in the market In this setion, e eamine the viability o the oen soure sotare suort servie model under ometition in the resene o a large sotare vendor threatening its business model The otential threat rom ommerial sotare vendors ho already have eertise in sotare suort is an imortant ator to onsider hen oen soure sotare vendors lan to ommerialize their sotare by selling suort servie ue to the oen nature o the sotare, it is likely that some vendors an eloit the oortunity to make roit by selling the suort servie to oen soure sotare hose suort model is roven to be viable Thus, i the ommerial vendor s interrution ould kill the oen soure sotare vendor s suort business, then there ould be no motivation or suh business model Thus, it is imortant to eamine the viability o oen soure sotare suort model in the resene o ommerial vendor s otential threat The analysis in this setion is insired by the real-orld Linu suort servie market here ed Hat and ovell omete against eah other, and Orale enters ith eertise in sotare suort, hih allos Orale to bring loer marginal ost or suort than both oen soure vendors We investigate hether oen soure sotare suort model is viable under ometition against ommerial sotare suort eert We also eamine ho the interrution to a ertain oen soure suort model aets the ometition beteen eisting oen soure sotare vendors 44

We omare roits or the oen soure sotare vendors rom to dierent markets: duooly ithout Orale and oligooly ith Orale We irst eamine the duooly market here ed Hat and ovell are under ournot ometition, imlying that they omete or the sales level Then, e eamine an equilibrium oligooly model ith a sequential entry in hih three sotare vendors omete against eah other to sell the suort servie or oen soure sotare In the real-orld Linu suort servie market, ed Hat and ovell omete against eah other harging almost same ries or their suort servies Our senario is insired by hat has been haening in the Linu suort servie market,, and O in the subsrit denote ed Hat, ovell, and Orale resetively This oligooly model is grounded on the takelberg model here ed Hat and ovell hoose their sales levels irst, then Orale observes the sales levels by ed Hat and ovell, enters the market, and deides the sales level o the suort servie or ed Hat Linu Finally, ustomers hoose hether or not to buy suort servie, and rom hih rovider Our rimary ous is ed Hat s roit at equilibrium in both markets We investigate hether Orale move is ositive or negative on the ed Hat and ovell in order to veriy industry eerts argument on the viability o the ed Hat s business model uooly Market ithout Orale We start ith eamining the duooly market here ed Hat and ovell omete against eah other Let i denote the sales level, that is, the number o ustomers that a ustomer eets rom vendor i to have and i reresent the rie that vendor i sets u or its Linu suort servie eall that v is the value o the Linu sotare that haraterize and e assume that v is uniormly distributed on [0, ] denotes the intensity o netork eternality, imlying that high means high level o ustomer areiation o netork size In the sotare market, 45

ustomers oten enjoy additional beneit rom large netorks For eamle, more aliation sotare is available or the oerating system ith more users sine aliation sotare vendors have higher motivation Our model is grounded on the ournot model In the irst stage, both vendors deide the sales level, and in the seond, ustomers make their urhase deision: ed Hat or ovell or neither The eeted utility rom eah suort servie model is as ollos: u u v v ine the value o the Linu sotare is assumed to be idential, both the vendors ill have ositive sales only hen the olloing ondition holds: The above ondition says that the ries adjusted or the netork size must be idential in order or both vendors to have ositive sales Let φ be the ommon value o the adjusted ries, that is, φ eall that v is uniormly distributed on [0, ] Thus, the total market demand or Linu suort servie is φ, hih equals the total sales o both vendors, imlying that, at equilibrium, the ries must be set suh that φ The vendors oer the ries at equilibrium as ollos: In reality, the marginal ost or suort servie may be dierent aross the roviders Providing suort servie to an additional ustomer may inur ositive ost to the vendor Unlike marginal ost to rodue additional oy o sotare hih is oten negligible, it is reasonable to 46

47 assume ositive marginal ost or suort servie Let i denote the marginal ost or suort servie or vendor i Given the demand, rie, and the marginal ost, the roit or eah vendor is as ollos: π π ote that both ed Hat and ovell ant to set u the sales level at hih they maimize their eeted roit given their eetation about eah other s sales level Their roit maimization an be haraterized by the irst-order onditions: 0 0 π π olving the irst-order onditions leads to the ondition hih the equilibrium sales levels,, O must satisy as ollos: Let in the subsrit denote the duooly ase The equilibrium sales levels by ed Hat and ovell are: 4 4 At equilibrium in the duooly market, ed Hat and ovell make roit as ollos: π π

Oligooly Market ith Orale In this senario, e aim to model the real-orld Linu market here ed Hat and Orale sell the suort servie or ed Hat Linu and ovell rovides the servie or its on Linu We eamine the viability o the eisting suort servie model in the resene o a threat o an established sotare vendor ho is able to ut ost and loer rie We study the role o netork eternality eall that arameter denotes the strength o netork eternality in the Linu market Our model relets the vie o sotare eerts ho argue that Orale suort is not as good as ed Hat suort or ed Hat Linu by having arameter s hih reresents the quality deiieny o Orale suort servie omared to ed Hat This oligooly model is grounded on the takelberg model here vendors make deision on the sales level sequentially The struture o the game is as ollos In the irst stage, ed Hat and ovell hoose their sales levels hih are observed by Orale ho enters the market, and deides the sales level o the suort servie or ed Hat Linu in the seond stage In the inal stage, ustomers make their urhase deision ustomers eet utility rom eah vendor as ollos: u u u O v v v s O O O ote that ed Hat and Orale shares the same netork by roviding suort servie or the idential sotare ed Hat Linu hile ovell manages its on netork Given the idential value o the Linu sotare, all the vendors ill have ositive sales only hen the olloing ondition holds: s O O O The above ondition imlies that the ries adjusted or the netork size and quality deiieny must be same in order or all the three vendors to have ositive sales eall that φ be 48

49 the ommon value o the adjusted ries: s O O O φ The total market demand or Linu suort servie is, φ hih equals the total sales o the three vendors Thus, the ries must be set suh that O φ At equilibrium, the vendors oer the olloing ries: O O O O O O s Thus, the eeted roit or eah vendor is as ollos: O O O O O O O O O O O s π π π We eamine the otimal hoie o the outut level by Orale ho makes a deision in the seond stage ater observing the hoies made by ed Hat and ovell in the irst stage The irstorder ondition is 0 O O O O O O O s π The otimal level o sales by Orale is then O O s In the irst stage, both ed Hat and ovell make their sales level hoies simultaneously to maimize roits ed Hat s eeted roit at the Orale s sales level hoie in the seond stage beomes O O O s π

50 The irst-order ondition is 0 O s π olving the irst-order ondition leads to the ed Hat s otimal sales level equal to O s ovell s eeted roit at the Orale s sales level equals: - O O s π The irst-order ondition is then 0 - O s π The otimal sales level equals 4 O s Thus, the equilibrium sales levels,, O must satisy 4 O O O O s s s O in the suersrit denotes the oligooly ase olving or the above equations leads to the equilibrium sales levels by the three vendors in the market as ollos:

5 5 8 3 4 5 8 5 8 O O O O O O O O O s s s s s At equilibrium, the vendors make roits equal to O O O O O O O O O O O O O O O O O O O O O O O O O O O s π π π We eamine the viability o the Linu suort model rovided by ed Hat and ovell under the threat imosed by Orale by omaring duooly roit ith oligooly roit We visualize our indings in Figure 0 and Both igures illustrate ho eah vendor s roit varies ith the intensity o netork eternality Figure 0 shos the ase o small netork eternality and Figure visualizes the ase o large netork eternality We inlude duooly roit or ed Hat and ovell in both igures in order to use it as a baseline or omarison ith oligooly roits Both igures are based on the ase here Orale an ut the marginal ost or suort about hal o hat ed Hat and ovell send but the quality o Orale s suort is not as good as ed Hat and ovell

Figure 0 Proit and etork Eternality mall etork Eternality Figure 0 illustrates duooly roit or ed Hat and ovell and oligooly roit or the three vendors inluding Orale hen the intensity o netork eternality is lo, imlying that ustomers do not muh areiate the netork size This result is onsistent ith the vie that Orale move ill badly hurt ed Hat s business, elaining ed Hat stok lunge in hours ater Orale s announement We ind that ed Hat s roit dereases ith Orale in the market, ho sells the suort servie or the ed Hat Linu and that Orale makes thin but ositive roit margin, hih elains Orale s motivation to join the Linu suort servie market Orale s imat on ovell s business is not straightorard When the intensity o netork eternality is lo, ovell is also hurt by Orale move, imlying that ovell does not make as muh as it does in the duooly market ithout Orale Interestingly, hen netork eternality is relatively strong, ovell an be better o ith Orale in the market The very right side o igure shos that ovell s oligooly roit may eeed its duooly roit 5

Figure Proit and etork Eternality Large etork Eternality Our indings or the ase o large netork eternality are visualized in Figure Interestingly, our results suort industry eerts argument that Orale s selling suort or ed Hat Linu may hurt ed Hat s ometitor ovell ar orse by making ed Hat Linu as an industry standard Figure shos that ed Hat may make even higher roit ith Orale in the market than ithout Orale hen ustomers enjoy muh beneit rom a large netork When ustomers areiate netork size, it is valuable to have a large number o ustomers and to beome an industry standard Thus, hat ed Hat gains rom being suh an industry standard may eeed hat it loses rom having another ometitor, Orale as long as ed Hat maintains its sueriority in terms o servie quality or its on sotare in site o higher marginal ost than Orale Unlike in the ase o small netork eternality, Orale move hurt ovell s business badly in the resene o large netork eternality ine ustomers enjoy muh beneit rom a netork, they may hoose ed Hat or Orale over ovell ho manages its on indeendent and inomatible netork Among those ustomers ho hoose ed Hat Orale netork, ustomers 53

ho value quality more than rie ill hoose ed Hat hile others ho are onerned more about rie than quality ill buy rom Orale Our indings are very interesting in the sense that an oen soure sotare vendor ho makes money ith selling suort servie may beome more suessul hen it has a strong ometitor ho has ost advantage Our results imly that the start-u omanies ho think about making money ith selling suort servie or oen soure sotare hose soure ode is ublily available do not need to be disouraged by the otential threat o the large established sotare vendors ho may ant to target its on business model As long as tehnial sueriority is maintained and ustomers value the size o the netork, the suort servie model is viable desite the threat o large sotare vendors ho are able to ut the ost greatly 48 onlusion In this aer, e omare three dierent sotare riing mehanisms: ommerial sotare, oen soure dual-liensing, and oen soure sotare suort We start ith eamining the otimal riing strategies o a sotare vendor ith eah riing sheme under monooly We ind that the monooly rie or oen soure sotare under dual-liensing is higher than the ommerial sotare rie, hene higher roit, i total leibility beneit or the high-tye ustomers eeeds total suort ost or the lo-tye ustomers With a suort model, the oen soure vendor harges or suort at higher rie than the ommerial sotare rie, but it makes a loer roit than the ommerial sotare vendor Then e investigate hether the oen soure sotare vendor reers one riing mehanism over the other in the monooly market Our result shos that the dual-liensing model is more roitable hen the dierene 54

beteen leibility beneit and suort ost is high Otherise, the suort model is reerred We identiy the ators that aet the oen soure sotare vendor s deision We etend our model to a duooly ometition setting In a market ith ometition beteen a ommerial sotare vendor and an oen soure sotare vendor ith a dualliensing model, the oen soure sotare vendor serves high-tye ustomers only by harging more than the ommerial sotare vendor that overs lo-tye segment only Our result suorts the viability o the dual-liensing model or the oen soure sotare in the resene o ometition When there is a ometition beteen a ommerial sotare vendor and an oen soure sotare vendor ith a suort model, the ommerial sotare vendor ometing against the oen soure suort model harges a rie equal to the oen soure vendor s marginal ost o suort With this riing strategy o the ommerial sotare vendor, the suort model brings zero roit to the oen soure sotare vendor We eamine the viability o the oen soure suort model hen the oen soure sotare quality is dierent rom ommerial sotare quality Interestingly, e ind that the oen soure sotare suort model is viable in the resene o quality asymmetry no matter hether the quality o the oen soure sotare is higher or loer than the ommerial sotare Even hen the oen soure sotare rovides loer quality, the suort model is roitable This an be elained as market eansion o the ommerial sotare vendor When both vendors oer the same quality sotare the high-tye ustomers have no inentive to buy the ommerial sotare sine the oen soure sotare is ree and they do not need any suort Hoever, hen the ommerial sotare is suerior to the oen soure sotare, some high-tye ustomers may buy the ommerial sotare, imlying that the ommerial sotare vendor an target suh hightye ustomers as ell 55

With a generalized model, e urther study ometition beteen ommerial and oen soure sotare, motivated by hat haens in the real-orld database and oerating systems markets We model the dierent soures o the beneit rom dierent oen soure sotare and assume that suort ost may inur to both tyes o ustomers We set u a to-eriod game to study the role o sithing ost that ustomers ae hen they sith rom established ommerial sotare to oen soure sotare We ind that neither the dual-liensing nor the suort model is roitable in the resene o large sithing ost that ustomers must inur to sith aay rom ommerial sotare When the sithing ost is loer than a ertain threshold, sotare vendors slit the market in the seond eriod in a ay that the ommerial sotare serves lo-tye ustomers and the oen soure sotare vendor overs high-tye segment Interestingly, e ind that the oen soure sotare ith suort may dominate the market in the seond eriod hen the vendor indeendene beneit eeeds sithing ost Finally, e eamine the oen soure sotare suort servie market here the oyright to the soure ode is ublily oned and anyone an sell the suort servie or the same oen soure sotare Insired by the real-orld Linu suort servie market here Orale sells suort servie or ed Hat Linu, e investigate hether an established sotare vendor s move like Orale hurts or hels an oen soure sotare servie rovider like ed Hat We ind that ed Hat s business model is hurt by Orale move in the resene o small netork eternality We also ind that ed Hat may be better o having Orale in the market in the resene o large netork eternality When ustomers valuation o the netork size is relatively high, Orale move hurts ovell hile it may hel ed Hat Our results suggest that the relatively ne sotare vendor ho has been suessul selling the suort servie or the oen soure sotare do not have to be disouraged by the threat rom large sotare vendors ho 56

may enter the market and sell the same suort servie as long as sueriority in terms o suort quality is maintained Our aer ontributes to the literature in the olloing ays First, this aer is the irst study that eamines the issue o riing oen soure sotare through an eonomi lens In site o the groing interest in the ommerial oen soure sotare among industry eerts and jurists, no aademi study has shon the viability o the riing models o or-roit oen soure sotare We identiy the ators that aet the viability o the riing models or oen soure sotare and ind the onditions under hih eah model an be suessul eond, our result an give riing guidelines to the oen soure sotare vendors, hih is not lear in the urrent state Finally, e model the motivation or and the barrier to oen soure adotion, hih rovides a better iture o the oen soure sotare market onsidering suh ators that are onsistent ith survey statistis, may allo us to better understand the issue o oen soure sotare 57

58 Aendi Proo o Proosition ote that } { s s Thus, i i s s < < > > The roit dierene is 4 } { 4 s π π ine, 0 s 0 s Thus, 0 i 0 > > s π π Thereore, i i s s π π π π < < > > The rie dierene beteen oen soure sotare suort and ommerial sotare is 0 > Thereore, > ote that 4 4 - π π The marginal ost is bounded by rie, ie Thereore, 0 < ine, 0 e have 0 < Thus, 0 4 4 - < π π Thereore, π π < QE Proo o Proosition ote that 4 } { 4 s π π

59 ine 0 > s and, π π > i > s π π < i < s QE Proo o Proosition 3 eall that a ustomer s utility rom ommerial sotare ould be v u By using oen soure sotare sold under a dual-liensing model, a high-tye and a lo-tye ustomer enjoys the olloing beneits: s v u v u L H Thus, the demands or ommerial and oen soure sotare rom high-tye and lo-tye ustomers are as ollos: High-Tye ustomers > < q q q H H H i 0 i i, > < i 0 i i, H H H q q q Lo-Tye ustomers > < s s q s q q L L L i 0 i i, > < i 0 i i, L L L s s q s q q

ote that the ommerial sotare vendor loses all the demand i it harges rie above s Thus, s, is a dominated strategy The ommerial sotare vendor ould harge rie at 0, s to guarantee the demand rom the ustomers in the lo-tye segment From the oen soure sotare vendor s ersetive, harging rie at suh that > is a dominated strategy sine suh riing ould lead to zero demand or the oen soure sotare vendor Thus, the oen soure sotare vendor ould harge rie at 0, and serve the high-tye ustomers I an equilibrium eists, at equilibrium, the ommerial sotare vendor uses a riing strategy to serve the lo-tye ustomer segment hile the oen soure sotare vendor serves the high-tye ustomer segment onsider the roit or the ommerial sotare vendor: π The otimization roblem or the ommerial sotare vendor is Maπ subjet to s π The irst-order ondition or π is 0, resulting in the roit-maimizing rie as s i i > s s The oen soure sotare vendor s roit ould be π The otimization roblem or the ommerial sotare vendor is Maπ subjet to 60

π The irst-order ondition or π is 0, leading to the otimal rie as i i > o, e investigate hether,, is a ash equilibrium onsider the ase hen the oen soure sotare vendor oers rie at We investigate hether the ommerial sotare vendor has inentive to deviate rom ine > 0 and s > 0, < s < uose that Then 0 Thus, the ommerial sotare vendor annot oer any rie belo, meaning that the ommerial sotare vendor annot serve any s ustomer in the high-tye segment ine is the rie that maimizes roit rom serving lo-tye segment, the ommerial sotare vendor has no inentive to deviate rom Thus, is a best resonse to o, suose that 0 < < Then > 0 In this ase, the ommerial sotare vendor has to hoies as belo: trategy : tay at and serve lo-tye ustomers only trategy : eviate to and serve both segments 6

enote π and π be the roit or the ommerial sotare vendor laying strategy and, resetively Then π π 4 4 I π, the ommerial sotare vendor has no inentive to deviate ote that π π π Thereore, is a best resonse to i o, e investigate is a best resonse o the oen soure sotare vendor to oered by the ommerial sotare uose that s The oen soure sotare vendor annot harge any rie suh that s < Thus, the oen soure sotare vendor annot serve any ustomer in the lo-tye segment ine is the otimal rie hen serving lo-tye ustomers only, the oen soure sotare vendor has no inentive to deviate rom Thus, is a best resonse to o, suose that 0 < s < Then s s > 0 Thus, the oen soure sotare vendor has to hoies as ollos: trategy : tay at and serve high-tye ustomers only trategy : eviate to s and serve both segments 6

63 enote π and π be the roit or the ommerial sotare vendor laying strategy and, resetively Then 4 } { } { 4 s s s s s s s π π ote that s s π π Thus, is a best resonse to i the olloing onditions hold: and 0 or < < s s s s Thereore,,, is a ash equilibrium hen and 0, or and < < s s s s QE Proo o Proosition 4 onsider the high-tye ustomers ine H u v v u <, high-tye ustomers alays hoose the oen soure sotare Thus, both vendors omete or the lo-tye segment only The demand or the ommerial and the oen soure sotare ould be > < L L L q q q i 0 i i, and > < i 0 i i, L L L q q q

ote that π π q q L L First, no vendor harges less than marginal ost to avoid making negative roit That is, 0 and eond, there annot be an equilibrium in hih both and are stritly above onsider the ase here > > Then the ommerial sotare vendor an obtain the entire demand and inreases its roit by harging at ε here ε is a small and ositive number I > >, the oen soure sotare vendor has an inentive to loer its suort harge to ε uose that > Both vendors still ant to loer their ries by ε so that they an inrease roit Finally, the ommerial sotare vendor an obtain the entire demand by harging ε The equilibrium ries an be obtained as The ommerial sotare has the hole market and the oen soure sotare vendor makes zero roit The roit or the ommerial sotare vendor ould be π q L When < <, the ommerial vendor harges its monooly rie Monooly and uooly π < π 4 4 Monooly QE Proo o Proosition 5 64

uose that > eall that { } and 4 4 ote that 4 4 [4 {4 [4 { } 8 }] 4{ }] ine > and 0, 4 > 0 ote that and 0 Thus, < 0 Thereore, > 0 ote that 4 4 {4 { 4 3 4 } 4 } ine 0, > 0, and 0 < <, > 4 > 0 and 3 > 0 Thereore, > 0 eall that the irst-order ondition or the ommerial sotare vendor s roit is π 0 Thus, Let δ be the dierene beteen the ommerial sotare rie and the suort harge or oen soure, ie, δ Then δ 65

ine < and >, > 0 and > 0 We sho that > 0 Thereore, δ > 0 o suose that 0 < < ote that 7 4 and 7 4 4 3 Thus, { 7 4 4 } 7 4 7 4 Thereore, > 0 i 3 4 < and < 0 < 3 i 0 < < ote that 4 7 4 7 4 [7 4 { 5 3 4{ 3} 3 }] ine 5 < 0, < 0, and 3 < 0, < 0 QE Finally, > > Proo o Proosition 6 ase : High ithing ost > m t s H Assume that > m t s onsider the ommerial vendor s riing deision given the oen H soure sotare vendor s rie ote that m t sh > 0 or any sine > m t s Thus, the ommerial vendor an serve both high-tye and lo-tye H ustomers and dominate the market by harging and suh that < m t sh By harging ries slightly above, the ommerial sotare vendor looses the entire high-tye segment Thus, or any rie that the oen soure sotare 66

vendor harges, the ommerial sotare vendor s best resonse is to oer ries satisying < m t sh ine the oen soure sotare vendor knos hat the ommerial sotare vendor ill lay given its rie, the oen soure sotare vendor is indierent among any ries in a deined range When > m t s, the oen soure sotare vendor makes zero roit This game is similar to sequential mathing ennies game here the irst mover is indierent beteen to hoies This result has eonomi imliations First, onsider market entry o the oen soure sotare vendor uose that entering the market inurs ositive ost to the oen soure sotare vendor Then, the oen soure sotare vendor does not have any inentive to enter the market When the sithing ost arameter is H high > m t s and the entry is the hoie o the oen soure sotare vendor, the H ommerial sotare vendor lays riing strategy to set u an entry barrier so that it an enjoy monooly roit in both eriod and eriod o, suose that entry is not the oen soure sotare vendor s hoie Then an ininite number o equilibria eist onsider one among those equilibria, hih is, 0 and, suh that < m t sh This is atually the unique equilibrium o the simultaneous game here both the ommerial and the oen soure sotare vendors make their riing deisions in eriod at the same time The ommerial sotare vendor s roit is π q q Let d H m t s The otimization roblem is then H Maπ subjet to, d H The Lagrangean untion an be deined as 67

68,, H d L λ λ The Kuhn-Tuker onditions are 0 0 0 d H L L L λ λ λ From λ L, e have d H From L and L, 0 elaing in the above equation ith d H in the above equation leads to 0 4 3 3 3 0 H H H H H H d d d d d d olving the above equation gives the equilibrium ries as ollos: 4 3 4 3 3 H H H H H H H H d d d d d d d d ase : Lo ithing ost H s t m < Assume that H s t m < Then the oen soure sotare vendor harges d s t m H H so that it guarantees to serve high-tye ustomers and maimizes its roit ote that the O vendor s roit is

69 H d q π Then roit-maimizing rie is d H Ma ote that H H H H Ma d d d d eall that net beneit to high tye ustomer does not eeed sum o maimum ossible rodut value and maimum ossible sithing ost That is d H < Thereore, d H Ma > The O vendor s otimal rie is then d s H H H Then, the ommerial sotare vendor oers ries suh that L H L H s d s d, subjet to Ma π Let H H H s d olving or the subgame eret equilibrium leads to the olloing otimal ries: 3 3 3 3 s d s d s d s d s d s d s d s d s d s d s d L H L H L H L H L H L H L H L H L H L H L H d s t m H H QE Proo o Proosition 7

ote that a ustomer ill lay a strategy i the ustomer enjoys ositive utility: v > 0 and v > 0 omaring and O is not trivial A high-tye ustomer stays ith ommerial sotare in the seond eriod i earranging the above ondition leads to v v > v v k < k A lo-tye ustomer reers ommerial sotare to oen soure sotare in the seond eriod i hih an be reritten as v v > v v k < k ase : High ithing ost > k uose that > k Then k > 0 The ommerial sotare vendor an dominate the market in eriod i it lays a riing strategy suh that < k here is the rie or oen soure suort The oen soure sotare vendor annot harge any rie belo marginal ost, so the otimal rie is Ater observing the oen soure sotare vendor s rie or suort, the ommerial sotare vendor harges ries suh that The ommerial sotare vendor s roit is < k π q q The otimization roblem is then 70

7 subjet to Ma, k π The Lagrangean untion an be deined as,, k L λ λ The Kuhn-Tuker onditions are 0 0 0 k L L L λ λ λ From λ L, e have k From L and L, 0 elaing in the above equation ith k leads to 0 4 4 4 3 3 3 0 k k k k k k k k olving the above equation gives the equilibrium ries as ollos: } { 4} { 3 } { 4} { 3 3 k k k k k k k k ase : Medium ithing ost k k < < Assume that k k < < Then the oen soure sotare vendor harges rie suh that, k < hih guarantees the demand rom high-tye ustomers no matter hat ries

the ommerial sotare vendor harges uose that > k Then the oen soure sotare vendor annot lay a riing strategy to attrat the ustomers Thus, the equilibrium is the same as in the high sithing ost ase o, suose that < k Then the otimal rie or oen soure suort is k Ater observing the oen soure suort rie, the ommerial sotare vendor oers ries suh that < < k uh riing strategy allos the ommerial sotare vendor to serve the ustomers in the lotye segment ote that the ommerial sotare vendor s roit is π The otimization roblem is then Maπ subjet to, The Lagrangean untion an be deined as L,, λ λ The Kuhn-Tuker onditions are L L L λ 0 λ 0 λ 0 L From, e have From λ L L and, 0 7

73 elaing in the above equation ith leads to 0 3 olving the above equation gives the equilibrium ries as ollos: 3 3 3 3 ase 3: Lo ithing ost k < uose that the sale arameter or sithing ost, ie, maimum ossible sithing ost is loer than vendor indeendene beneit k < uose that k > Then it is trivial to sho that the equilibrium is the same as in high sithing ost ase o, assume that k k < < Then the oen soure sotare vendor an dominate the market or hightye ustomers by harging rie at k Thus, the result in medium sithing ost ase holds Finally, suose that k < In this ase, the oen soure sotare vendor dominates the entire market in eriod by harging rie k ine the ommerial vendor observes the O rie, it does not have any inentive to artiiate market in eriod onsequently, the ommerial sotare vendor maimizes its roit by harging monooly rie in the irst eriod This omletes roo o Proosition 7 QE

eerenes Bakos, Y, and Brynjolsson, E Bundling Inormation Goods: Priing, Proits and Eiieny, Management iene 45, 999, 63 630 Bhargava, H, and houdhary, V Inormation Goods and Vertial ierentiation, Journal o Management Inormation ystems 8, 00, 85 0 Broersma, M omanies Buy Oen oure Beause It s Better, ot heaer, Tehorld, Aril, 005 asadesus-masanell,, and Ghemaat, P ynami Mied uooly: A Model Motivated by Linu vs Windos, Management iene 57, 006, 07 084 hen, P, and Hitt, L Measuring ithing osts and Their eterminants in Internet Enabled Businesses: A tudy o the Online Brokerage Industry, Inormation ystems esearh 33, 00, 55-76 hen, Y, and Png, I Inormation Goods Priing and oyright Enorement: Welare Analysis, Inormation ystems esearh 4, 003, 07 3 houdhary, V, Ghose, A, Mukhoadhyay, T, and ajan, U Personalized Priing and Quality ierentiation, Management iene 57, 005, 0 30 huang, J, and irbu, M Otimal Bundling trategy or igital Inormation Goods: etork elivery o Artiles and ubsritions, Inormation Eonomis and Poliy, 999, 47 76 lemons, E, Hann, I, and Hitt, L, Prie isersion and ierentiation in Online Travel: An Emirial Investigation, Management iene 484, 00, 534 549 ean,, Jing, B, and eidmann, A Produt ustomization and Prie ometition on the Internet, Management iene 498, 003, 055 070 74

ean,, and Mendelson, H User elay osts and Internal Priing or a ervie Faility Management iene 36, 990, 50 57 Eonomides,, and Katsamakas, E To-ided ometition o Prorietary vs Oen Imliations or the otare Industry, Management iene 57, 006, 057 07 Eonomist Mirosot at the Poer Point, etember, 003 Fitzgerald, B, and Feller, J Oen oure otare: Investigating the otare Engineering, Psyhosoial and Eonomi Issues, Inorm ystems Journal 4, 00, 73 76 Flynn L, and Lohr, Giants in a eal over Linu, e York Times, ovember, 006 Franke,, and von Hiel, E atisying Heterogeneous User eeds via Innovation Toolkits: The ase o Aahe eurity otare, esearh Poliy 3, 003, 99 5 Ghosh, A Intervie ith Linus Torvalds: What Motivated Free otare eveloers?, First Monday 33, 998 Ghosh, A, Glott,, Krieger, B, and obles, G Free/Libre and Oen oure otare: urvey and tudy, International Institute o Inonomis, University o Maastriht, The etherlands, etrieved Marh 30, 00 Gloude, M Oen oure Usage Is U, But onerns Linger, Forrester esearh, June 3, 005 Gomulkieiz, W Entrereneurial Oen oure otare Hakers: MyQL and Its ual Liensing, omuter La evie and Tehnology Journal 9, 004, 03 Guta A, taul,, and Whinston A A tohasti Equilibrium Model o Internet Priing, Journal o Eonomi ynamis and ontrol, 997, 697 7 Hann, I, oberts, J, and laughter,, and Fielding, An Emirial Analysis o Eonomi eturns to Oen oure Partiiation, Working Paer 006-E5, Teer hool o Business, 75

arnegie Mellon University, Pittsburgh, PA, and Marshal hool o Business, University o outhern aliornia, Los Angeles, A Hertel, G, iedner, and Herrmann Motivation o otare eveloers in Oen oure Projets: An Internet-Based urvey o ontributors to the Linu Kernel, esearh Poliy 37, 003, 59 77 Hitt, L, and hen, P Bundling ith ustomer el-eletion: A imle Aroah to Bundling Lo Marginal ost Goods, Management iene 50, 005, 48 493 Kerner M Will Orale Linu Kill ed Hat?, internetnesom, Otober 6, 006 Kingstone, Brazil Adots Oen oure otare, June, 005 Learner, J, and Tirole, J The Oen oure Movement: Key esearh Questions, Euroean Eonomi evie 45 4 6, 00, 89 86 Lerner, J and J Tirole ome imle Eonomis o Oen oure, Journal o Industrial Eonomis 50, 00, 97-34 Makie-Mason J, and Varian H Priing ongestible etork esoures, IEEE Journal o eleted Areas in ommuniations 37, 995, 4-49 Marthy, V urvey: Finanial IT Ees ay Jury till Out Oen oure, OenEnterriseTrendsom, Marh 4, 006 Mendelson, H, and Whang, Otimal Inentive-omatible Priority Priing or the M/M/ Queue Oerations esearh 385, 990, 870 883 Mozar, L The Eonomis o ommerial Oen oure, Galatea Inormation trategies, 005 76

aghunathan,, Prasad, A, Mishra, B, and hang, H Oen oure Versus losed oure: otare Quality in Monooly and ometitive Markets, IEEE Transations on ystems, Man, and ybernetis Part A: ystems and Humans 356, 005, 903 98 aymond, E The athedral and the Bazaar: Musings on Linu and Oen oure by an Aidental evolutionary, O eilly & Assoiates, ebastool, A, 999 eid Forrester: More Firms Using Oen oure, ITWorldanadaom, Marh 7, 004 oberts, J, Hann, I, and laughter, Understanding the Motivations, Partiiation, and Perormane o Oen oure otare eveloers: A Longitudinal tudy o the Aahe Projets, Management iene 57, 006, 984 999 ossi, M A eoding the Free/Oen oure Puzzle A urvey o Theoretial and Emirial ontributions, Working Paer, iartimento i Eonomia Politia, Università degli tudi di iena, iena, Italy hah, Motivation, Governane, and the Viability o Hybrid Forms in Oen oure otare eveloment, Management iene 57, 006, 000 04 hores, Orale Announed the ame Enterrise lass uort or Linu as or Its atabase, Orale Press elease, Otober 5, 006 undararajan, A onlinear Priing o Inormation Goods, Management iene 50, 004, 660-673 Välimäki, M ual Liensing in Oen oure otare Industry, ystemes d Inormation et Management 8, 003, 63-75 Varian, H, and hairo, Linu Adotion in the Publi etor: An Eonomi Analysis, Working Paer, 003 Vaughan-ihols J Making Money rom Free otare, eweek, July 3, 005 77

von Hiel, E, and von Krogh, G Oen oure otare and the Private-olletive Innovation Model: Issues or Organization iene, Organization iene 3, 003, 09 33 Westland, ongestion and etork Eternalities in the hort un Priing o Inormation ystems ervies, Management iene 387, 99, 99 099 Wihmann, T Free/Libre and Oen oure otare: urvey and tudy, Berleon esearh GmbH, Berlin, Germany, 00 78

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information