The Law and Economics of Software Security

By Hahn, Robert W.; Layne-Farrar, Anne | Harvard Journal of Law & Public Policy, Fall 2006


INTRODUCTION
I. AN OVERVIEW OF SOFTWARE SECURITY
    A. What is Software System Security?
       1. Types and Methods of Attack
       2. Types of Damage
    B. Identifying Cyber-Criminals and Their Motivations
II. THE ECONOMICS OF SOFTWARE SYSTEM SECURITY
    A. A Framework for Evaluating Software System Security
    B. The Economic Costs and Damages Involved
       1. Measuring the Loss
       2. Measuring Prevention Efforts
    C. The Underlying Market Failures
       1. Key Market Failures
       2. Are the Market Failures Significant?
III. THE LAW OF SOFTWARE SYSTEM SECURITY
    A. Assigning Liability
    B. Recent Software System Security Legislation
IV. THE FUTURE OF SOFTWARE SYSTEM SECURITY
    A. Regulating Software Developers
    B. Regulating Software Users
    C. Regulating Cyber Weapons
    D. Government Leading by Example
    E. Voluntary Corporate Actions
    F. Cyber Insurance
V. CONCLUSION

INTRODUCTION

Security in software networks relies on a complex mixture of technology, law, and economics. The considerable press surrounding security issues, including the spread of worms and viruses on the internet, the possible link between identity theft and terrorism, and the penetration of online financial databases, attests to the subject's growing significance.

As the costs of software security breaches become more apparent, there has been a greater interest in developing and implementing solutions for different aspects of the problem. For example, the information technology community is prodigiously developing new fixes, ranging from gate-keeper protections to procedures for constructing more secure software. Increasingly, the federal government is paying more attention to this issue, particularly in the realm of online terrorism. (1) Additionally, there are numerous pending bills that would increase penalties for different kinds of cyber crime. (2)

Scholars address the software security problem from several different angles. (3) Most research in this area, however, focuses on discrete elements of the problem. Some scholars selectively focus on technical fixes that could help alleviate the problem, (4) whereas others examine the underlying institutions and incentives that shape consumer, business, and government responses. For example, Professor Randal Picker considers the issue from a structural point of view, asking whether a technological "monoculture" really weakens security. (5) He concludes that the security offered by having different technological platforms is not necessarily greater; indeed, sometimes a diversity of platforms can create serious problems of its own. (6) In contrast, Douglas Barnes examines how policymakers could reduce the prevalence of viruses and worms by "deworming" the internet. (7) He suggests assigning some liability to both software developers and software users. (8) Finally, Kevin Pinkney analyzes how to overcome what he views as software developers' failure to provide secure code. (9) He too would assign some liability to developers but would allow ex post corrections to mitigate that liability. (10)

Although most research in this area is focused on discretely embedded elements, the security problems dealt with are not precisely defined, and researchers assume the problems are already well understood. (11) Similarly, many articles presume the particular issue they address is a serious problem in economic terms without specifically considering the total quantitative losses in more than a few incidents.

This Article seeks to address these gaps by presenting a comprehensive assessment of the software security issue using a law and economics framework. We begin by providing a definition of software security that illustrates the complexity of the problem. We then review and critique the literature that assesses the costs of software security. Finally, we evaluate a number of possible approaches for addressing security problems using a law and economics framework. …
