> From my perspective, it is just as likely that overinvesting in cybersecurity is problematic. Nobody is more secure for buying more products
Yes, but isn’t this because security cannot generally be packaged into a product? Just like how anti-virus programs was a bad solution for consumers, a lot of the same snake oil is packaged up with B2B stickers and bolted-on a disastrous core of insecure dev and ops practices?
I mean the companies with a good security track record that I know of develops it all in-house, and it permeates the culture of those companies, from the first design ideas through development, maintenance and ops.
Yes, but isn’t this because security cannot generally be packaged into a product? Just like how anti-virus programs was a bad solution for consumers, a lot of the same snake oil is packaged up with B2B stickers and bolted-on a disastrous core of insecure dev and ops practices?
I mean the companies with a good security track record that I know of develops it all in-house, and it permeates the culture of those companies, from the first design ideas through development, maintenance and ops.