The Economics of Developing Security Embedded Software
Market models for software vulnerabilities have been disparaged in the past on the grounds that they do little to lower the risk of insecure software. In this paper, the authors argue that it is the proposed market models that are flawed, not the concept of a market itself. A well-defined software risk derivative market would improve the information exchange for both the software user and the vendor, removing the often-touted imperfect information state that is said to bedevil the software industry. In this way, users would have a rational means of accurately judging software risks and costs, and the vendor could optimally divide their time between delivering features and averting risk in the manner demanded by the end user.