Bruce Schneier says the obvious:

Last week I attended the Infosecurity Europe conference in London. Like at the RSA Conference in February, the show floor was chockablock full of network, computer and information security companies. As I often do, I mused about what it means for the IT industry that there are thousands of dedicated security products on the market: some good, more lousy, many difficult even to describe. Why aren’t IT products and services naturally secure, and what would it mean for the industry if they were?

— Do We Really Need a Security Industry? Bruce Schneier, Schneier on Security, 3 May 2007

Obvious in an emperor’s new clothes sort of way. Continue reading →