About a week ago I created a market on Inklink Markets, a website that enables you to participate in predictive markets. The idea of such markets is that crowd wisdom will yield a correct answer, and when we (as the crowd) “buy” positions in the market (effectively betting one way or another) we’ll reveal the truth with our collected information. Example: I know I have a 0-day vulnerability in MS Windows Vista that I’ll be announcing this month, so I “buy” a position that says that there’s a greater than 50% chance that a remote code vulnerability in Vista will come to light in March, 2007. When I reveal the bug, the position’s price will rise to $100 and I’ll have made $50 per share. Similarily for the “Number of critical security bulletins” market, I may have knowledge of a few (ie because I participated in them) and expect a few more, so I wager that 5 such bulletins will be revealed next week, and I buy a position saying “5 critical bulletins”. Pretty easy, no?
So far the markets are easy for me to run (thanks, Inkling!) and the first one I created, How many critical vulnerabilities will be addressed by Microsoft in their March, 2007, Security Bulletin cycle?, is generating some interest. The conventional wisdom is that Microsoft will be disclosing 5 critical bulletins next week.
As for the other one, How will Microsoft fare for product security in March, 2007?, this one has yet to take off. Maybe I need to generate some pump and dump spam to generate interest. “VISEX is going to go through the roof!” This second market I created is more about probabilities, but you get the idea. Do you think someone will reveal a new remote code execution vuln/exploit in these products in March, 2007? If I could participate in this market I would probably put some money on Office (nearly a sure thing these days).
Sign up at inklingmarkets.com. It’s free, fun, and you get $5000 fake bucks to start with. These markets close soon, so you can make some money pretty easily.