D. Acemoglu, A. Malekian, and A. Ozdaglar, Network security and contagion, Journal of Economic Theory, vol.166, pp.536-585, 2016.

F. Allen, Reputation and product quality, The RAND Journal of Economics, pp.311-327, 1984.

R. Anderson, Why cryptosystems fail, Proceedings of the 1st ACM Conference on Computer and Communications Security, pp.215-227, 1993.

R. Anderson, Why information security is hard-an economic perspective, Proceedings of the 17th Annual Computer Security Applications Conference, p.358, 2001.

R. Anderson, Closing the phishing hole-fraud, risk and nonbanks, Federal Reserve Bank of Kansas City-Payment System Research Conferences, pp.41-56, 2007.

R. Anderson, R. Böhme, R. Clayton, and T. Moore, Security economics and the internal market, 2008.

N. Archak and A. Sundararajan, Optimal design of crowdsourcing contests, p.200, 2009.

C. Argenton and J. Prüfer, Search engine competition with network externalities, Journal of Competition Law and Economics, vol.8, issue.1, pp.73-105, 2012.

A. Arora, J. P. Caulkins, and R. Telang, Research note-sell first, fix later: Impact of patching on software quality, Management Science, vol.52, issue.3, pp.465-471, 2006.

A. Arora, A. Nandkumar, and R. Telang, Does information security attack frequency increase with vulnerability disclosure? an empirical analysis, Information Systems Frontiers, vol.8, issue.5, pp.350-362, 2006.

A. Arora, R. Telang, and H. Xu, Optimal policy for software vulnerability disclosure, Management Science, vol.54, issue.4, pp.642-656, 2008.

A. Arora, C. Forman, A. Nandkumar, and R. Telang, Competition and patching of security vulnerabilities: An empirical analysis, Information Economics and Policy, 2010.

A. Arora, R. Krishnan, R. Telang, and Y. Yang, An empirical analysis of software vendors' patch release behavior: impact of vulnerability disclosure, Information Systems Research, 2010.

K. Arrow, Economic welfare and the allocation of resources for invention, The Rate and Direction of Inventive Activity: Economic and Social Factors, pp.609-626, 1962.

T. August and T. I. Tunca, Network software security and user incentives, Management Science, vol.52, issue.11, pp.1703-1720, 2006.

T. August and T. I. Tunca, Who should be responsible for software security? a comparative analysis of liability policies in network environments, Management Science, vol.57, issue.5, pp.934-959, 2011.

T. August, M. F. Niculescu, and H. Shin, Cloud implications on software network structure and security risks, Information Systems Research, vol.25, issue.3, pp.489-510, 2014.

Y. Beres, J. Griffin, S. Shiu, M. Heitman, D. Markle et al., Analysing the performance of security solutions to reduce vulnerability exposure window, pp.33-42, 2008.

V. Bier, S. Oliveros, and L. Samuelson, Choosing what to protect: Strategic defensive allocation against an unknown attacker, Journal of Public Economic Theory, vol.9, issue.4, pp.563-587, 2007.

R. Böhme, A comparison of market approaches to software vulnerability disclosure, International Conference on Emerging Trends in Information and Communication Security, pp.298-311, 2006.

R. Bohme and T. Moore, The iterated weakest link, IEEE Security & Privacy, vol.8, issue.1, pp.53-55, 2010.

K. Boudreau and K. Lakhani, How to manage outside innovation. MIT Sloan management review, vol.50, p.69, 2009.

K. J. Boudreau, N. Lacetera, and K. R. Lakhani, Incentives and problem uncertainty in innovation contests: An empirical analysis, Management science, vol.57, issue.5, pp.843-863, 2011.

E. Brousseau and T. Pénard, The economics of digital business models: A framework for analyzing the economics of platforms, Review of network Economics, vol.6, issue.2, 2007.
URL : https://hal.archives-ouvertes.fr/halshs-00169305

C. B. Cadsby, F. Song, and F. Tapon, Sorting and incentive effects of pay for performance: An experimental investigation, Academy of management journal, vol.50, issue.2, pp.387-405, 2007.

L. J. Camp and C. Wolfram, Pricing security, Proceedings of the CERT Information Survivability Workshop, pp.31-39, 2000.

P. Casas-arce and F. A. Martínez-jerez, Relative performance compensation, contests, and dynamic incentives, Management Science, vol.55, issue.8, pp.1306-1320, 2009.

H. Cavusoglu, H. Cavusoglu, and S. Raghunathan, Efficiency of vulnerability disclosure mechanisms to disseminate vulnerability knowledge, IEEE Transactions on Software Engineering, vol.33, issue.3, pp.171-185, 2007.

H. Cavusoglu, H. Cavusoglu, and J. Zhang, Security patch management: Share the burden or share the damage?, Management Science, vol.54, issue.4, pp.657-670, 2008.

H. Chesbrough, W. Vanhaverbeke, and J. West, Open innovation: Researching a new paradigm, 2006.

J. P. Choi, C. Fershtman, and N. Gandal, Network security: Vulnerabilities and disclosure policy, The Journal of Industrial Economics, vol.58, issue.4, pp.868-894, 2010.

C. W. Chow, The effects of job standard tightness and compensation scheme on performance: An exploration of linkages, The Accounting Review, vol.58, issue.4, p.667, 1983.

D. E. Chubin, State of the field the conceptualization of scientific specialties. The sociological quarterly, vol.17, pp.448-476, 1976.

J. S. Demski and G. A. Feltham, Economic incentives in budgetary control systems, Accounting Review, pp.336-359, 1978.

D. Dey, A. Lahiri, and G. Zhang, Hacker behavior, network effects, and the security software market, Journal of Management Information Systems, vol.29, issue.2, pp.77-108, 2012.

D. Dey, A. Lahiri, and G. Zhang, Quality competition and market segmentation in the security software market, Mis Quarterly, vol.38, issue.2, 2014.

T. Dohmen and A. Falk, Performance pay and multidimensional sorting: Productivity, preferences, and gender, American Economic Review, vol.101, issue.2, pp.556-90, 2011.

S. Domberger and A. Sherr, The impact of competition on pricing and quality of legal services, International Review of Law and Economics, vol.9, issue.1, pp.41-56, 1989.

B. Edwards, S. Hofmeyr, and S. Forrest, Hype and heavy tails: A closer look at data breaches, Journal of Cybersecurity, vol.2, issue.1, pp.3-14, 2016.

T. Eriksson and M. C. Villeval, Performance-pay, sorting and social motivation, Journal of Economic Behavior & Organization, vol.68, issue.2, pp.412-421, 2008.
URL : https://hal.archives-ouvertes.fr/halshs-00331753

D. D. Fehrenbacher, S. E. Kaplan, and B. Pedell, The relation between individual characteristics and compensation contract selection, Management Accounting Research, vol.34, pp.1-18, 2017.

M. Finifter, D. Akhawe, and D. Wagner, An empirical study of vulnerability rewards programs, Presented as part of the 22nd {USENIX} Security Symposium ({USENIX} Security 13), pp.273-288, 2013.

S. Frei, M. May, U. Fiedler, and B. Plattner, Large-scale vulnerability analysis, pp.131-138, 2006.

R. L. Fullerton and R. P. Mcafee, Auctionin entry into tournaments, Journal of Political Economy, vol.107, issue.3, pp.573-605, 1999.

E. Gal-or and A. Ghose, The economic incentives for sharing security information, Information Systems Research, vol.16, issue.2, pp.186-208, 2005.

S. M. Garcia and A. Tor, The n-effect: More competitors, less competition, Psychological Science, vol.20, issue.7, pp.871-877, 2009.

A. Gawer and M. A. Cusumano, Industry platforms and ecosystem innovation, Journal of product innovation management, vol.31, issue.3, pp.417-433, 2014.

D. Geer, R. Bace, P. Gutmann, P. Metzger, C. P. Pfleeger et al., Cyberinsecurity: The cost of monopoly, Computer and Communications Industry Association (CCIA), 2003.

L. A. Gordon and M. P. Loeb, The economics of information security investment, ACM Transactions on Information and System Security (TISSEC), vol.5, issue.4, pp.438-457, 2002.

L. A. Gordon, M. P. Loeb, W. Lucyshyn, and T. Sohail, The impact of the sarbanesoxley act on the corporate disclosures of information security activities, Journal of Accounting and Public Policy, vol.25, issue.5, pp.503-530, 2006.

C. Ioannidis, D. Pym, and J. Williams, Information security trade-offs and optimal patching policies, European Journal of Operational Research, vol.216, issue.2, pp.434-444, 2012.

J. A. Jacobs, In defense of disciplines: Interdisciplinarity and specialization in the research university, 2014.

M. C. Jensen, Paying people to lie: The truth about the budgeting process, European Financial Management, vol.9, issue.3, pp.379-406, 2003.

L. B. Jeppesen and K. R. Lakhani, Marginality and problem-solving effectiveness in broadcast search, Organization science, vol.21, issue.5, pp.1016-1033, 2010.

A. Jo, The effect of competition intensity on software security-an empirical analysis of security patch release on the web browser market, Proceedings of the 16th Annual Workshop on the Economics of Information Security, 2017.

K. Kannan and R. Telang, Market for software vulnerabilities? think again, Management Science, vol.51, issue.5, pp.726-740, 2005.

B. C. Kim, P. Chen, and T. Mukhopadhyay, An economic analysis of the software market with a risk-sharing mechanism, International Journal of Electronic Commerce, vol.14, issue.2, pp.7-40, 2009.

B. C. Kim, P. Chen, and T. Mukhopadhyay, The effect of liability and patch release on software security: The monopoly case, vol.20, pp.603-617, 2011.

J. H. Lala and F. B. Schneider, It monoculture security risks and defenses, IEEE Security & Privacy, vol.7, issue.1, pp.12-13, 2009.

W. M. Lam, Attack-prevention and damage-control investments in cybersecurity, Information Economics and Policy, vol.37, pp.42-51, 2016.

E. P. Lazear, Performance pay and productivity, American Economic Review, vol.90, issue.5, pp.1346-1361, 2000.

E. P. Lazear, The power of incentives, American Economic Review, vol.90, issue.2, pp.410-414, 2000.

T. X. Liu, J. Yang, L. A. Adamic, and Y. Chen, Crowdsourcing with all-pay auctions: A field experiment on taskcn, Management Science, vol.60, issue.8, pp.2020-2037, 2014.

T. Maillart, M. Zhao, J. Grossklags, and J. Chuang, Given enough eyeballs, all bugs are shallow? revisiting eric raymond with bug bounty programs, Journal of Cybersecurity, vol.3, issue.2, pp.81-90, 2017.

D. A. Matsa, Competition and product quality in the supermarket industry, The Quarterly Journal of Economics, vol.126, issue.3, pp.1539-1591, 2011.

M. J. Mazzeo, Competition and service quality in the us airline industry, Review of industrial Organization, vol.22, issue.4, pp.275-296, 2003.

G. Mcgraw and C. Cto, Exploiting software: How to break code, Invited Talk, Usenix Security Symposium, 2004.

S. Mitra and S. Ransbotham, Information disclosure and the diffusion of information security attacks, Information Systems Research, vol.26, issue.3, pp.565-584, 2015.

B. Moldovanu and A. Sela, The optimal allocation of prizes in contests, American Economic Review, vol.91, issue.3, pp.542-558, 2001.

D. Nizovtsev and M. Thursby, To disclose or not? an analysis of software user behavior, Information Economics and Policy, vol.19, issue.1, pp.43-64, 2007.

A. Ozment, Bug auctions: Vulnerability markets reconsidered, Third Workshop on the Economics of Information Security, pp.19-26, 2004.

J. Pénin, C. Hussler, and T. Burger-helmchen, New shapes and new stakes: a portrait of open innovation as a promising phenomenon, Journal of Innovation Economics Management, issue.1, pp.11-29, 2011.

C. Raasch, V. Lee, S. Spaeth, and C. Herstatt, The rise and fall of interdisciplinary research: The case of open source innovation, Research policy, vol.42, issue.5, pp.1138-1151, 2013.

S. Ransbotham, S. Mitra, and J. Ramsey, Are markets for vulnerabilities effective? Mis Quarterly, pp.43-64, 2012.

T. Rayna and L. Striukova, Involving consumers: the role of digital technologies in promoting 'prosumption'and user innovation, Journal of the Knowledge Economy, pp.1-20, 2016.

U. Ronnen, Minimum quality standards, fixed costs, and competition, The RAND Journal of economics, pp.490-504, 1991.

J. Salop and S. Salop, Self-selection and turnover in the labor market, The Quarterly Journal of Economics, pp.619-627, 1976.

S. E. Schechter, Quantitatively differentiating system security, The First Workshop on Economics and Information Security, pp.16-17, 2002.

B. Schneier, Managed security monitoring: Closing the window of exposure, 2000.

J. S. Silva and S. Tenreyro, On the existence of the maximum likelihood estimates in poisson regression, Economics Letters, vol.107, issue.2, pp.310-312, 2010.

G. Solon, S. J. Haider, and J. M. Wooldridge, What are we weighting for?, Journal of Human resources, vol.50, issue.2, pp.301-316, 2015.

R. Telang and S. , An empirical analysis of the impact of software vulnerability announcements on firm stock price. Software Engineering, IEEE Transactions on, vol.33, issue.8, pp.544-557, 2007.

O. Temizkan, R. L. Kumar, S. Park, and C. Subramaniam, Patch release behaviors of software vendors in response to vulnerabilities: An empirical analysis, Journal of management information systems, vol.28, issue.4, pp.305-338, 2012.

C. Terwiesch and Y. Xu, Innovation contests, open innovation, and multiagent problem solving. Management science, vol.54, pp.1529-1543, 2008.

H. Varian, System reliability and free riding, pp.1-15, 2004.

E. , V. Hippel, and G. Krogh, Open source software and the "private-collective" innovation model: Issues for organization science, Organization science, vol.14, issue.2, pp.209-223, 2003.

W. S. Waller and C. W. Chow, The self-selection and effort effects of standard-based employment contracts: A framework and some empirical evidence, Accounting Review, pp.458-476, 1985.

D. Waterman, Diversity and quality of information products in a monopolistically competitive industry, Information Economics and Policy, vol.4, issue.4, pp.291-303, 1990.

J. M. Wooldridge, Control function methods in applied econometrics, Journal of Human Resources, vol.50, issue.2, pp.420-445, 2015.

M. Zhao, J. Grossklags, and P. Liu, An empirical study of web vulnerability discovery ecosystems, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp.1105-1117, 2015.

M. Zhao, A. Laszka, and J. Grossklags, Devising effective policies for bug-bounty platforms and security vulnerability discovery, Journal of Information Policy, vol.7, pp.372-418, 2017.