Just One Minute
Balanced Fare: We Report, You Deride

Thursday, August 21, 2003

We Are Thinking Big Here - SoBig, In Fact

A Big Idea: inspired by the now-defunct "Futures on Terror", someone should attempt to set up a "Futures on Software Terror".

The goal will be to create a market predicting the activity of computer viruses. Contracts predict the OS to be attacked, the software to be attacked, and other such techie info. Participants can be anyone - college kids, system administrators across the country, hackers who want to bet on their own success and score a big payday when their virus hits, engineers at Microsoft or Symantec who want to earn a bit on the side (OK, that could be troubling). Anonymous participation would encourage more evil-doers into the market, which would be a good thing (some caveats below).

If participation were broad, the prices would probably provide useful information about what might be targeted next. It also would provide (weird) incentives on both sides of the aisle - hackers could target longshot vulnerabilities in hopes of a big score; system defenders watching the price and volume of the various contracts might get useful clues as to where the next attack is coming from. And some talented amateurs might decide to profit by engaging in "good guy" hackery, if there is a way for them to bet against a successful attack and then thwart it, perhaps by tipping the right folks at Microsoft.

So, the prices in this market really could reflect tacit knowledge, and provide useful signals (and incentives) for future activity.

That's it - the futures on software terror! There are obvious problems:

- The underlying activity may be illegal, and not all participants will want to get involved.

- Contract specifications could be difficult - what is a successful virus triggering a payoff, and who judges?

- As noted, the prices will themselves encourage activity. Some of this is good, but if the new market increases the quantity and quality of "black hats" developing viruses and betting on their own success, then I think we will say this was a bad idea. Right now the payoff to unleashing viruses seems to be bragging rights (and PC capture for spamming!) - why add cash to the mix? Offsetting that, if the good guys have better info, and amteur good guys emerge, the trade-off might be worth it.

Problems, problems. I bet they could be solved.

Comments: Post a Comment