Scholars@Duke
Journal cover image

Competition and patching of security vulnerabilities: An empirical analysis

Publication ,  Journal Article
Arora, A; Forman, C; Nandkumar, A; Telang, R
Published in: Information Economics and Policy
May 1, 2010
Published version (DOI)

We empirically estimate the effect of competition on vendor patching of software defects by exploiting variation in number of vendors that share a common flaw or common vulnerabilities. We distinguish between two effects: the direct competition effect when vendors in the same market share a vulnerability, and the indirect effect, which operates through non-rivals that operate in different markets but nonetheless share the same vulnerability. Using time to patch as our measure of quality, we find empirical support for both direct and indirect effects of competition. Our results show that ex-post product quality in software markets is not only conditioned by rivals that operate in the same product market, but by also non-rivals that share the same common flaw. © 2009 Elsevier B.V. All rights reserved.

Duke Scholars

Ashish Arora
Author Ashish Arora Fuqua School of Business
Altmetric Attention Stats
Dimensions Citation Stats

Published In

Information Economics and Policy

DOI

10.1016/j.infoecopol.2009.10.002

ISSN

0167-6245

Publication Date

May 1, 2010

Volume

22

Issue

2

Start / End Page

164 / 177

Related Subject Headings

  • Economics
  • 4407 Policy and administration
  • 3801 Applied economics
  • 1605 Policy and Administration
  • 0807 Library and Information Studies
  • 0806 Information Systems
 

Citation

APA
Chicago
ICMJE
MLA
NLM
Arora, A., Forman, C., Nandkumar, A., & Telang, R. (2010). Competition and patching of security vulnerabilities: An empirical analysis. Information Economics and Policy, 22(2), 164–177. https://doi.org/10.1016/j.infoecopol.2009.10.002
Arora, A., C. Forman, A. Nandkumar, and R. Telang. “Competition and patching of security vulnerabilities: An empirical analysis.” Information Economics and Policy 22, no. 2 (May 1, 2010): 164–77. https://doi.org/10.1016/j.infoecopol.2009.10.002.
Arora A, Forman C, Nandkumar A, Telang R. Competition and patching of security vulnerabilities: An empirical analysis. Information Economics and Policy. 2010 May 1;22(2):164–77.
Arora, A., et al. “Competition and patching of security vulnerabilities: An empirical analysis.” Information Economics and Policy, vol. 22, no. 2, May 2010, pp. 164–77. Scopus, doi:10.1016/j.infoecopol.2009.10.002.
Arora A, Forman C, Nandkumar A, Telang R. Competition and patching of security vulnerabilities: An empirical analysis. Information Economics and Policy. 2010 May 1;22(2):164–177.
Journal cover image

Published In

Information Economics and Policy

DOI

10.1016/j.infoecopol.2009.10.002

ISSN

0167-6245

Publication Date

May 1, 2010

Volume

22

Issue

2

Start / End Page

164 / 177

Related Subject Headings

  • Economics
  • 4407 Policy and administration
  • 3801 Applied economics
  • 1605 Policy and Administration
  • 0807 Library and Information Studies
  • 0806 Information Systems