Abstract

https://ssrn.com/abstract=894966
 
 

References (14)



 
 

Citations (1)



 


 



Pricing Security: Vulnerabilities as Externalities


L. Jean Camp


Indiana University Bloomington - School of Informatics and Computing

Catherine D. Wolfram


University of California, Berkeley - Economic Analysis & Policy Group; National Bureau of Economic Research (NBER)


Economics of Information Security, Vol. 12, 2004

Abstract:     
We argue that provision of computer security in a networked environment is an externality and subject to market failures. However, regulatory regimes or a pricing schemes can causes parties to internalize the externalities and provide more security. The current mechanisms for dealing with security are security analysis firms; publications of vulnerabilities; the provision of emergency assistance through incident response teams; and the option of seeking civil redress through the courts. The overall effectiveness of these mechanisms is questionable. The foundation of environmental economics supports building a market as a solution to the problem of widespread vulnerabilities. In this work we propose a market for vulnerability credits.

This paper is a first step to developing a pricing scheme for vulnerabilities to increase infrastructure security. We begin by arguing that security is an externality and one which could be priced. We examine security taxonomies in terms of their usefulness for pricing security vulnerabilities. We discuss the parallel with pricing pollution. We address the issue of jump-starting the market. Regulatory mechanisms for collection are not extensively addressed, although pricing without payment is meaningless, the problem must be parsed to be solvable.

Number of Pages in PDF File: 14

Keywords: trust, security, privacy, e-commerce

JEL Classification: A1, A12, A19, D19, D62, H23, K1, L96, L63


Open PDF in Browser Download This Paper

Date posted: April 5, 2006  

Suggested Citation

Camp, L. Jean and Wolfram, Catherine D., Pricing Security: Vulnerabilities as Externalities. Economics of Information Security, Vol. 12, 2004. Available at SSRN: https://ssrn.com/abstract=894966

Contact Information

L. Jean Camp (Contact Author)
Indiana University Bloomington - School of Informatics and Computing ( email )
901 E 10th St
Bloomington, IN 47401
United States
Catherine D. Wolfram
University of California, Berkeley - Economic Analysis & Policy Group ( email )
Berkeley, CA 94720
United States
National Bureau of Economic Research (NBER)
1050 Massachusetts Avenue
Cambridge, MA 02138
United States
Feedback to SSRN


Paper statistics
Abstract Views: 2,882
Downloads: 476
Download Rank: 45,451
References:  14
Citations:  1