Goldman Sachs security incident


Allegedly, the source code for Goldman Sachs's “low latency (microseconds) event-driven market data processing, strategy, and order submissions” systems has been stolen by an insider (via Zero Hedge here and here).

Personally I find this (and similar cases) overblown for several reasons:

  • Source code by itself is worthless. The important thing is the mathematical model behind the source code, and reverse engineering it (even with the source code present) is quite tedious.
  • Let me repeat myself: source code is worthless, and anyone imagining that there is some “secret sauce” in it is mistaken. It is true that such venerable systems have all kinds of little “smarts” built in to defend against situations which may occur, but again, extracting those without (a) the test infrastructure or (b) the commit log for the source files (which should contain some useful information) is a monumental task.
  • Finally: source code is worthless 🙂 (did I bore you, dear reader?). There isn’t anything particularly interesting in the implementation. We are professional engineers. Give us a (well defined) task and we will build it (if you have the resources). Microsecond level latency? Should be no problem for some ASICs (or FPGAs if you want them to be reprogrammable). Then again, I have to wonder if this isn’t all marketing speak conditioned by statements like “microsecond latency in our internal systems”, because there is quite a large possibility that the connection between the internal systems and the exchange is done over something like TCP/IP, where you will get a delay of hundreds of milliseconds.
  • It is all about the business. Even if you replicate all of the facilities offered by GS, you still won’t have the business contacts they have!

So, a big brouhaha over nothing. A coder who overestimated what his work might be worth, and if he gets lucky, he can sell it to some company which overestimates the gain from it. Source code is a commodity and there are enough professional engineers out there to replicate any system you can specify.
