Vanguard founder Jack Bogle invented the Index Fund in 1975, the most famous of which is the S&P 500, which is widely used as the bogey against which people judge their investment success or failure. Bogle describes the value of taking an overwhelmingly simple approach to buying stocks: don't pick stocks. You may guess right or you may guess wrong, but either way you incur fees and taxes, which make it next to impossible for almost anyone to "beat the market". His books go into a lot of detail on the math behind this and how to implement such an approach.
Today he was a guest on Yahoo Finance (yes, there is still an area on the Web where Yahoo is #1), where he was asked about Exchange Traded Funds (ETFs), which are in some ways an offshoot of the Index funds Bogle invented. However, the ETF is a Frankenstein rendition of Bogle's original index fund, because ETFs can easily increase risk through leverage, pricing, sector weighting and costs. The point is that in most cases you have no idea what is in an ETF, and you have to analyze it like a stock. In fact, last year Businessweek tabbed Commodity ETFs as the Worst Investment in America.
Bogle's take is that ETFs are the "greatest marketing idea of all time, but not the best investment idea of all time", and that ETFs like Commodity ETFs are like the renowned Purdey shotgun: great for big game hunters, but also great for committing suicide. Commodity ETFs are a great example of this. You might think that if you bought a natural gas ETF, the ETF would rise when prices rise, but this is not the case.
Where this relates to infosec for me is that, as I mentioned in the Dangers of Safety Mechanisms, what starts out as a risk reduction exercise can actually increase the overall risk in the system. ETFs were seen as a benign, safe investment class modeled on Index funds, so they got treated differently; systematically, they were classed differently. Kweku Adoboli, the rogue UBS trader, did not have his ETF trade hedges governed the same way as normal equity trades, yet one currency move by the Swiss central bank was enough to lose $3.2 billion.