Prediction market may help foresee computer security incidents

Are the world’s leading IT security experts willing to put money on their predictions about upcoming events? We’ll soon find out.

Brian Kriebs, writing in MIT Technology Review, says researchers are planning to pilot a “prediction market” that may be able to anticipate computer systems breaches or security-related events before they occur.

Prediction markets come up with likely scenarios based on financial investments by participants, based on the thinking that market mechanisms, such as the stock market, can spot underlying trends. Probably the best-known examples of public prediction market are InTrade, and ForesightExchange, in which participants can place wagers on elections, economic conditions, or even wars. This could also be described as a form of crowdsourcing.

The proposed information systems security market seeks to involve a network of up to 250 experts to make their predictions on likely security events:

“Some of the stocks being considering cover a few months, such as: ‘The volume of spam e-mail will increase by 10 percent in the third quarter of 2011.’ Others will ask participants to gauge the likelihood of far-off events, such as the chance that the U.S. House of Representatives will pass a bill with ‘cyber’ and ’security’ in its title in the first session of the 112th Congress, or whether broadly used encryption algorithms will be defeated within the next 24 months.”

Greg Shannon, chief scientist of the CERT program at Carnegie Mellon’s Software Engineering Institute, calls it “leveraging the wisdom of the security community.”

(Photo Credit: Wikipedia.)

Cross-posted at SmartPlanet Business Brains.