Software security is an increasingly serious concern for users and ultimately impacts software firms’ choice of open source or closed source business models. However, the studies in this area are scarce, if not absent. This paper examines whether a software firm chooses open source or closed source in a competitive market when software security is taken into account. I construct a game-theoretic model in which two competitive firms first formulate their business models and then charge their prices for software products. I find that due to security concerns, two symmetric firms may choose a heterogeneous business model, in which one firm chooses open source and the other chooses closed source when the return of open source remains moderate. The two symmetric firms may be trapped in a prisoner’s dilemma with a moderate-high return of open source in which their equilibrium choices of business model, open source, lead to lower profits than when they switch to closed source. For two asymmetric firms in which only one has security concerns in its software products, I reveal that with a moderate return of open source, this firm follows closed source and the other without security concern employs open source. Interestingly, there never exists the other heterogeneous business model in equilibrium.
