An Economic Analysis of the Software Market with a Risk-Sharing Mechanism

Byung Cho Kim, Pei-yu Chen, and Tridas Mukhopadhyay
International Journal of Electronic Commerce,
Volume 14 Number 2, Winter 2009-10, pp. 7.

Abstract: Inadequate software security is blamed for poor network security when viruses and worms cause major disruptions. However, software vendors have little incentive to improve the security quality of their products because they are not directly liable for losses incurred due to poor security. The concept of software liability has been intensely discussed by computer scientists and jurists for years as a possible solution for improving software security. This paper examines a risk-sharing mechanism between a software vendor and its customers as a way to implement software liability. It considers both the software vendor’s incentive to share risks with customers and the question of whether risk-sharing leads to better software security. The model provides evidence of underprovided security quality under monopoly with complete information, as has been observed in the market. The policy implications of the risk-sharing mechanism and the possible impact of competition on software vendors’ incentive for risk-sharing are examined. Information asymmetry is found to be a key factor in voluntary risk-sharing under monopoly; the risk-sharing level can be a signal of unobservable security quality.

Key Words and Phrases: Economics of IS, information asymmetry, security policies, software liability, software security.