Questions about Economics of security

Short answers, pulled from the story.

What is the title of Ross Anderson's 2000 paper on information security?

Ross Anderson wrote a paper titled Why Information Security is Hard in the year 2000. He argued that security technology fails when incentives do not align with technical design.

When did Jean Camp and Wolfram publish their arguments at Harvard School of Government about security as a public good?

Jean Camp and Wolfram published arguments at Harvard School of Government in 2000 stating security is not a public good. They defined vulnerabilities as tradable goods with an associated negative externality value.

Who developed the Gordon-Loeb model for optimal information security investment?

Lawrence A. Gordon and Martin P. Loeb wrote the Economics of Information Security Investment document later in their research career. The resulting Gordon-Loeb model determines the optimal amount to invest to protect a given set of information.

Which organizations emerged six years after 2000 to trade security vulnerabilities?

Six years later markets emerged for these vulnerabilities involving iDEFENSE, ZDI, and Mozilla. These entities facilitated trading of vulnerabilities which were previously considered non-tradable assets.

What does Andrew Odlyzko identify as the opposite of privacy in economic terms?

Andrew Odlyzko authored Privacy and Price Discrimination to explain current American data practices. He found that the opposite of privacy is not anonymity but rather price discrimination in economic terms.

Read the full story about Economics of security →