Are Hackers Inefficient?

7 Responses

  1. Ken Rhodes says:

    There is *absolutely no doubt* that the great majority of hacking is terribly inefficient, in the sense that you are using the term.

    The ECMH is absurd. “The market” (not the underlying concept of “investment”) is a zero-sum game. If nobody could consistently beat the market, then nobody could consistently lose to the market. Believe that???

    The absurdity, of course, relates to the theme of another of my favorite blogs: “Everyone is entitled to his own opinion, but not his own facts.” The ECMH states, in essence, that the facts are all there is, and there is no relevance to opinions (i.e., interpreting the facts). Believe that???

    In re hackers and hacking, of course, the same rule applies: If everyone (i.e., “the market”) has full information, that’s still a long way from saying everyone will reach the same conclusions, or gain the same benefit from that information. Furthermore, the capital market is hundreds of years old, and yet we still have lots of folks doing a mediocre job there, and a few doing much better. The “hacking market” is still in its figurative infancy. A hundred years from now we should revisit the question of how it’s doing.

  2. PrometheeFeu says:

    @Peter Swire:

    I’m not sure why you would conclude that hackers are inefficient just because it takes time to identify vulnerabilities and develop exploits.

    The long wait followed by quick bursts of activity actually makes a lot of sense in an efficient market. Consider earnings reports. Nobody knows what they are for months at a time. Then suddenly, they are released and prices respond quasi-instantly. Yet, the capital markets are not considered inefficient just because the earnings reports take time to be made public.

  3. PrometheeFeu says:

    @Ken Rhodes:

    Can you please substantiate your claim that capital markets are a zero-sum game?

  4. Peter Swire says:

    My principal claim is that the huge ECMH literature (hundreds of academic papers) provides a useful source of ideas and analogies for the analysis of the economics of hacking. Investors and hackers are both trying to beat the market. There is a range of views about when & whether it is possible to beat the market. So computer security researchers can do thought experiments and think through empirical work by learning from the analogous, well-developed literature.

    On the idea that capital markets are a zero-sum game, that is the usual assumption of economists in the following sense — if someone wins $10 by buying a call option that works out, then someone else loses by selling that call option. By contrast, the overall effects of capital markets are not zero sum — well-designed capital markets have many positive externalities, while corrupt/malfunctioning/badly run capital markets have negative externalities.

  5. PrometheeFeu says:

    @Peter Swire:

    I strongly agree. I have found the EMH to be a useful guide in thinking about many topics and I am sure it applies here. My claim was rather that the hacking market seemed very efficient.

    As for capital markets being zero-sum, I beg to differ. A major function of capital markets is to intermediate between actors with different risk preferences. This could hardly be described as an externality. Sure, a purely speculative capital market would be a zero-sum game, but I don’t think those actually exist. Most capital markets were after all created as risk management tools.

  6. Peter Swire says:

    On capital markets and zero-sum, there are many ways that well organized capital markets provide benefits in lots of ways.

    The zero-sum claim is sustainable, though, in the specific sense that someone who gains from a market move has zero sum with another party who loses from that market move.

  7. PrometheeFeu says:

    @Peter Swire:

    I don’t disagree that you can define a capital markets game in a very narrow sense to find a zero-sum game. But then again, you can do that with any trade. (even apricots have price movements) Yet, we generally agree that most trade is a positive-sum game.

    Either way, your idea to apply the EMH to hacking is an interesting one.