Economic and Policy Implications of Restricted Patch Distribution
Speaker
Abstract
Economic and Policy Implications of Restricted Patch Distribution |
In this paper, we study how restricting the availability of patches to legal users impacts vendor's profits, market share, software maintenance decisions, and welfare outcomes. Prior work on this topic assumes that hacker's effort is independent of the vendor's decision to release the patch freely or not. Clearly, if the patch is not available to everyone, the hacker finds it easier to exploit the vulnerability in the product and, as a result, is likely to alter his effort. In order to understand the role of a strategic hacker, we build a game-theoretic model, where the hacker's decision is endogenous. With this model, we find that the hacker's effort may, on one hand, decrease the utility that the vendor can extract from the consumers. On the other hand, it may help differerentiate the legal version of the product from the pirated version. A vendor can strategically exploit the hacker's behavior in its pricing and software maintenance decisions. The endogeneity of hacker's actions drives several of our findings that have interesting policy implications. For example, the vendor may increase the price and reduce market share in order to exploit the differentiation. In such a case, there may be more pirates in the restricted-patch case than when the patch is freely available, a result that runs counter to typical arguments provided for restricting patches. A government body that understands this trade-off may exert a different level of piracy prevention effort so that the vendor is incentivized to make decisions that improve social welfare. |