Crumbling bridges: The failed economics of software maintenance

Jc Herz
Jc Herz: Exiger, USA

Cyber Security: A Peer-Reviewed Journal, 2024, vol. 8, issue 2, 150-159

Abstract: This paper defines a microeconomic framework for understanding systemic failure in cyber security as market failure. In a marketplace with limited supply chain transparency on software quality in general and software maintenance in particular, rational actors — both software vendors and software buyers — will maximise economic returns by minimising software maintenance and security. As technical debt accrues, so does vulnerability and operational risk, as systems become more difficult to update. In this regard, the depreciation of resilience in software infrastructure is similar to the breakdown of physical infrastructure that is chronically undermaintained, but with the added element of adversarial profit. These problems cannot be solved at the computer science level that created them. They can only be solved as a business problem, as transparency requirements (eg software bill of materials [SBOMs]) and automation slash the cost of diligence, enable preferential selection of higher-quality software and continuous enforcement of terms and conditions for active maintenance.

Keywords: software supply chain; SCRM; C-SCRM; vulnerability management; end of life; compliance; procurement
JEL-codes: M15
Date: 2024
Downloads: (external link)
https://hstalks.com/article/8796/download/ (application/pdf)
https://hstalks.com/article/8796/ (text/html)
Requires a paid subscription for full access.

Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2024:v:8:i:2:p:150-159

More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks.

 
Page updated 2025-03-19
Handle: RePEc:aza:csj000:y:2024:v:8:i:2:p:150-159