Network security: vulnerabilities and disclosure policy

JP Choi, Chaim Fershtman, N Gandal

Research output: Contribution to journalArticleAcademicpeer-review

19 Citations (Scopus)


Software security is a major concern for vendors, consumers and regulators. When vulnerabilities are discovered after the software has been sold to consumers, the firms face a dilemma. A policy of disclosing vulnerabilities and issuing updates protects only consumers who install updates, while the disclosure itself facilitates reverse engineering of the vulnerability by hackers. The paper considers a firm that sells software which is subject to potential security breaches and derives the conditions under which a firm would disclose vulnerabilities. It examines the effect of a regulatory policy that requires mandatory disclosure of vulnerabilities and a ‘bug bounty’ program.
Original languageEnglish
Pages (from-to)868-894
Number of pages27
JournalThe Journal of Industrial Economics
Issue number4
Publication statusPublished - 2010


Dive into the research topics of 'Network security: vulnerabilities and disclosure policy'. Together they form a unique fingerprint.

Cite this