Web Security is Tough

This article on The Chilling Effect made me rethink a few things about software quality.

"It's terrible to say," Arora concedes, "but in some ways, from an economic perspective, it's more efficient to let the market tell you the flaws once the software is out in the public." The same consumers who complain about flawed software, Arora argues, would neither wait to buy the better software nor pay the price premium for it if more-flawed, less-expensive software were available sooner or at the same time. True, code can be engineered to be more secure. But as long as publishing vulnerable software remains legal, vulnerable software will rule because it's a significantly more efficient market than the alternative, high-security, low-flaw market.