Speaker(s): Tunay Tunca (Stanford)

Title:      Network Software Security and User Incentives (joint work with Terrence August)

Abstract:
We study the effect of user incentives in software security on a network of individual consumers under costly patching. We find the unique consumer market equilibrium and show that it is characterized by two active groups of consumers: users who employ and patch the software, and users who employ but do not patch the software and consequently impose negative security externalities on the network. We then examine mechanisms for a vendor or a social planner to improve network security and increase expected profit and social welfare under vendor-offered software and freeware regimes, respectively. We show that mandatory patching policies are not helpful and generally decrease vendor profits and social welfare. Patching rebates can increase vendor profits and social welfare, but they can be ineffective when patching costs are high and may not be helpful in increasing social welfare when the product is freeware. Usage taxes can be quite potent in increasing social surplus for freeware and are more effective than patching rebates in general. Our results suggest that network security and the value generated from software can be significantly improved by mechanisms that target user incentives to maintain software security.