Schneier is off on a sue your way to security nirvana run again about software security: "The primary reason the IT security industry exists is because IT products and services aren’t naturally secure."
Naturally secure. Naturally secure. Naturally secure. I can’t seem to get it through my head. What the heck does "naturally secure" mean? Name any non-trivial asset or resource that is "naturally secure"? Now, up the ante with an intelligent adversary. Somebody, please – what is it that can be naturally secure against an intelligent adversary?
The notion of "natural" security in the face of an intelligent adversary is so fundamentally ignorant that the whole thing must be a charade. It isn’t even a pipe dream – it is an impossibility. Throw in the fact that IT resources are increasing in value and function and there is no doubt of that impossibility.
There is a comment to that same post attributed to "Bruce Schneier" and if it really is Bruce Schneier, then his motives become clear. He writes, "And nothing will change until you can sue that guy’s ass if his security products don’t work." Yeah, right.