[stcredzero]

Right. I don't think thorough economic analyses come into play nearly enough when people think about security.

[jdp23]

Also an excellent point. Ross Anderson started pushing the term "Security Engineering" around 2000 and economics were a big part of it.

[Tycho]

Can you elaborate on the economics involved, please? Sounds interesting.

[barrkel]

Economics is about the study of choice, at a deep level: the study of choice under conditions of scarcity, or with constraints (a definition like that is in most introductory textbooks). It's almost like psychology applied to crowds of interacting agents.

(Some people seem to get the idea economics is like accounting but vaguer, like a climatologist is to a weatherman or something. Macro economics is the bit that gets in the media most often, but it's also the most ideology-based rather than fact-based.)

[stcredzero]

One example: The universal truth of "DRM Doesn't Work" actually simply means "DRM isn't strong enough to for big companies to stand up to the ravenous appetites of everyone on the entire internet."

This is why big companies with content everyone craves have such a hard time with DRM -- there's just too much firepower arrayed against them. If you look closer, you find that "DRM Doesn't Work" isn't quite true. It's just not as strong as Phillips or Sony would like it to be.

[jdp23]

The Workshop on Economics and Security has some great stuff http://weis2010.econinfosec.org/

Here's Ross's "Economics and Security" resource page http://www.cl.cam.ac.uk/~rja14/econsec.html

[leoc]

"Amateurs study cryptography; professionals study economics." - Allan Schiffman