We present an economic model of fixing or patching a software problem after the product has been released in the market. Specifically, we model a software firm’s trade-off in releasing a buggy product early and investments in fixing it later. We first show that patching investments and time to...

We present an economic model of fixing or patching a software problem after the product has been released in the market. Specifically, we model a software firm’s trade-off in releasing a buggy product early and investments in fixing it later. We first show that patching investments and time to...

Software vulnerabilities represent a serious threat to cybersecurity, most cyberattacks exploit known vulnerabilities. Unfortunately, there is no agreed-upon policy for their disclosure. Disclosure policy (which sets a protected period given to a vendor to release the patch for the...

We present a model of fixing or patching a software problem after the product has been released in the market. Specifically, we model a software firm's trade-off in releasing a buggy product early and investments in fixing it later. Just as the marginal cost of producing software can be...

Software vulnerability disclosure refers to the publication of vulnerability information before a patch to address the vulnerability has been issued by the software vendor. It has generated intense interest and debate. In particular, there have been arguments made both in opposition to and in...