Overcoming Impediments to Information Sharing

When deciding whether or not to disclose a software vulnerability, firms first think of their private welfare. Competitors may create a barrier to information sharing out of fear of degradation—meaning sharing private information benefits their rival and costs them a competitive edge. Firms may refuse to share information when they believe refusal to do so is more deleterious for their rivals than for themselves, thus creating a competitive advantage. Managers may also be biased toward the status quo and risk-aversion by not notifying the public of vulnerabilities. Third, the paper suggests when information sharing may actually be sub-optimal. The article concludes by suggesting how the alignment of private welfare considerations and social optimality can be promoted.