Economic and Policy Implications of Restricted Patch Distribution
通过博弈模型研究限制补丁分发对软件厂商利润、市场份额及社会福利的影响,发现黑客策略性行为可能导致厂商提价并减少市场份额,甚至增加盗版用户。
In this paper, we study how restricting the availability of patches to legal users impacts the vendor’s profits, market share, software maintenance decisions, and welfare outcomes. Prior work on this topic assumes that the hacker’s effort is independent of the vendor’s decision to release the patch freely or not. Clearly, if the patch is not available to everyone, the hacker finds it easier to exploit the vulnerability in the product and, as a result, is likely to alter his effort. To understand the role of a strategic hacker, we build a game-theoretic model, where the hacker’s decision is endogenous. With this model, we find that the hacker’s effort may, on the one hand, decrease the utility that the vendor can extract from the consumers but, on the other hand, may help differentiate the legal version of the product from the pirated version. A vendor can strategically exploit the hacker’s behavior in its pricing and software maintenance decisions. The endogeneity of the hacker’s actions drives several of our findings that have interesting policy implications. For example, the vendor may increase the price and reduce market share to exploit the differentiation. In such a case, there may be more pirates in the restricted-patch case than when the patch is freely available, a result that runs counter to typical arguments provided for restricting patches. This paper was accepted by Chris Forman, information systems.