Abstract

Low quality of software has been blamed for poor security of our computer networks as major viruses and worms exploit the vulnerabilities of such software. However, software vendors have no incentive to improve the quality of their products since they are not directly liable for any loss due to poor quality. Software liability has been intensely discussed among computer scientists and jurists for years as a possible solution for software quality improvement. This paper proposes a risk-sharing mechanism between software vendors and customers as a market-driven method to impose software liability. We consider two dimensions of software quality: functionality and security quality. We present an economic model of the software market with a risk-sharing mechanism, which takes into account the strategic interplay of risk-sharing and security quality of the software given a certain level of functionality. We then apply this model in different scenarios, and examine the implications of the risk-sharing mechanism in the context of cyber security. Our model provides evidence of under-provided security quality of software in the monopoly case, as has been observed in the market. We consider the feasibility and effectiveness of the risk-sharing mechanism under various scenarios, and find the conditions under which the proposed mechanism is promising.
