Dr. Craig Wright posted his research proposal on his blog:
Cracked, inSecure, and Generally Broken
The Summary:
For decades, information security practitioners have engaged in qualitatively derived risk practices due to the lack of a scientifically valid quantitative risk model. This has led to both a misallocation of valuable resources with alternative uses and a corresponding decrease in the levels of protection for many systems.
Using a combination of modern scientific approaches and the advanced data mining techniques that are now available, this research effort is aimed at creating a game theoretic quantitative model for information systems risk that incorporates both contract theory and the methods developed within Behavioural Economics.
My favorite quote:
Contract Theory is used to explain the creation of agreements and “contracts” in the presence of information asymmetry. This is approached through the combination of adverse selection, moral hazards and the “signalling game”. In this, adverse selection is defined as the “Principal not having been informed of the other agent’s private information ex-ante” such as in George Akerlof’s “Market for lemons”. This application of game theory can be shown to explain many aspects of the software industry's predisposition to create insecure software. [my emphasis] Possible solutions to the software insecurity problem will be approached.
Keep abreast as Dr. Wright promises to post some of his initial research on his blog.
Ooooh. I am all a-tingle (in a platonic way, Dr. Wright. In a platonic way).