don't need one, but will always have one
by Lord Ender (156273)

The problem here is that 99% of software purchasers simply don't have the ability to evaluate a product on the merits of its security. They do have the ability to evaluate products (1) on the merits of their prices.

The companies that develop software know that (2) doing security properly is extremely expensive, and requires hiring skilled specialists, and inegrating those specialists at all levels of the development process.

When you take points (1) and (2) into consideration, you realize that there is a lot more ROI in developing cheap insecure software than there is in developing expensive secure software.

This is an example of capitalism failing due to poorly-informed consumers. But I can think of no way to solve the problem (a security quantifier???), so the industry will continue along as it does today: cheap software and band-aid security.