Depressing News About Security Software

Bruce Schneier has a rather depressing article in Wired this month, about why bad security products drive good ones out of the market.

In essence, in a market where the seller knows a lot more about the buyer, and there are many options, the buyer bases their purchase decisions on the average product price. The high-end stuff -- which is the only secure option -- is just too expensive to justify. Pretty soon, nobody buys the good stuff, and we're all left with the lemons.

In a used car market, you can use economic signals to correct this market behavior, and drive people to make wise purchases... for example, an independent mechanics can spot a lemon rather quickly. Employ one to help you out, and you can purchase a good cars amongst the lemons.

Unfortunately, those independent experts are incredibly expensive in the software security field... and even they don't instantly know which products are the lemons. It takes weeks or months of intense analysis. Who has the money or time for that?

Other signals, like as encryption standards and company reputation, are useful... but they also are no guarantee. So crappy security products will always get to the market faster and sell better than effective security products.

So very depressed...

Recent comments