Do We Really Need a Security Industry?
netbuzz noted that Bruce Schneier's latest column
discusses the security industry where he points out that "The primary reason the IT security industry exists is because IT products and services aren't naturally secure. If computers were already secure against viruses, there wouldn't be any need for antivirus products. If bad network traffic couldn't be used to attack computers, no one would bother buying a firewall. If there were no more buffer overflows, no one would have to buy products to protect against their effects. If the IT products we purchased were secure out of the box, we wouldn't have to spend billions every year making them secure."
And apart from a small minority of the security problems, they mostly do exploit the human factor. Even when it's something like Outlook automatically executing files, it's still the human factor; a human decides to run that software. As soon as any knowledgeable person learned how insecure Outlook was, they should have stopped using it. Why would anybody use such insecure software? You don't see any exceptions being made for people who buy $600 used cars and then complain that it breaks down. If you knew the car was so bad, why did you buy it in the first place?
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.