Network Software Security and User Incentives (Research Seminar, December 9th, 2004) Tunay Tunca Stanford University Abstract We study the effect of user incentives in software security on a network of individual consumers. We find the unique consumer market equilibrium and show that it is characterized by two active groups of consumers, namely the users who employ and patch the software and the users who employ but do not patch the software and consequently affect network security negatively. We then examine mechanisms for a vendor or a social planner to improve network security and increase expected profit and social welfare under vendor offered software and freeware regimes, respectively. We show that mandatory patching policies are not helpful and generally decrease vendor profits and social welfare. Rebates can increase vendor profits and social welfare but they can be ineffective when the software is relatively secure and may not be helpful in increasing social welfare when the product is freeware. Usage taxes can be quite potent in increasing social surplus and are more effective than rebates in general. Our results suggest that network security and the value generated from software can be significantly improved by mechanisms that target user incentives to maintain software security. (joint work with Terrence August)