We present an economic model of fixing or patching a software problem after the product has been released in the market. Specifically, we model a software firm’s trade-off in releasing a buggy product early and investments in fixing it later. We first show that patching investments and time to...

We present an economic model of fixing or patching a software problem after the product has been released in the market. Specifically, we model a software firm’s trade-off in releasing a buggy product early and investments in fixing it later. We first show that patching investments and time to...

We empirically estimate the effect of competition on vendor patching of software defects by exploiting variation in number of vendors that share a common flaw or common vulnerabilities. We distinguish between two effects: the direct competition effect when vendors in the same market share a...

We present a model of fixing or patching a software problem after the product has been released in the market. Specifically, we model a software firm's trade-off in releasing a buggy product early and investments in fixing it later. Just as the marginal cost of producing software can be...

Software vulnerabilities represent a serious threat to cybersecurity, most cyberattacks exploit known vulnerabilities. Unfortunately, there is no agreed-upon policy for their disclosure. Disclosure policy (which sets a protected period given to a vendor to release the patch for the...

Software vulnerability disclosure refers to the publication of vulnerability information before a patch to address the vulnerability has been issued by the software vendor. It has generated intense interest and debate. In particular, there have been arguments made both in opposition to and in...