To disclose or not? An analysis of software user behavior |
Affiliation: | 1. School of Petroleum Engineering, China University of Petroleum (East China), Qingdao, China; 2. PetroChina Coalbed Methane Company Limited, Beijing, China; 1. Institute of Telecommunications Management, National Cheng Kung University, Tainan, Taiwan, R.O.C; 2. Department of Transportation and Communication Management Science, National Cheng Kung University, Tainan, Taiwan, R.O.C |
Abstract: | We address the ongoing debates over disclosing information about software vulnerabilities through an open public forum. A game-theoretic approach is used to show that full public disclosure can be an equilibrium strategy in a game played by rational loss-minimizing agents. We provide conditions under which full disclosure of vulnerabilities improves social welfare and analyze the effect of vendor and product characteristics, as well as the composition of the pool of software users on the decisions to disclose. We also provide conditions under which user threats to vendors to disclose after a grace period or users’ ability to develop fixes themselves further improve welfare. The likelihood that user-developed fixes improve welfare increases with user familiarity with the details of software, providing an argument for “open source” software. |
Keywords: | |
This article has been indexed by ScienceDirect and other databases! |