September 8, 2010

Robert Hansen: Snakeoil Security

Slashdot directed me to this short essay by Robert Hansen (CEO of SecTheory) on the threat of what he refers to as "snakeoil" security:

http://threatpost.com/en_us/blogs/effect-snake-oil-security-090710

While the write-up is decent, I was left with one question: What do we do about it? He does mention that security firms need to work together, to help each other out; but that defies any commercial firm's tendency to make money, especially at a competitor's disadvantage.

I'm definitely a strong proponent of the open source software movement (FOSS) and perhaps, in some way, Hansen was suggesting a similar movement in the IT security world; I think that FOSS's benefits greatly outweigh any of its negatives. However, businesses are formed to make money because money is the medium for goods and services that people need and want. For security firms to cooperate at any significant level, there has to be a significant carrot, one that mutually benefits those corporations that share information and resources. And that has to compete with a company's desire to differentiate itself from its competition and turn a profit.

I certainly don't have the answer to that dilemma, but it's an interesting thought exercise.