“Good security design takes time, and necessarily means limiting functionality. Good security testing takes even more time, especially if the product is any good. This means the less-secure product will be cheaper, sooner to market and have more features.”
This article is another reason why Bruce Schneier makes a lot more money and is far better known in the industry than I am. He takes a complex topic and relates it in very clear terms, something I’m not nearly as gifted at.
Anyhow, this article is a good, quick read on some of the problems facing the Infosec industry. It illustrates the risks involved in selecting security products and underscores why due diligence in project and change management (especially in IT) cannot be overstated. IT cannot be left on an island by itself. IT departments need the assistance of individuals experienced in product testing from across the enterprise, and even outside help.