Security guru Bruce Schneier has renewed his attack on the IT security industry. A record number of attendees is visiting this week's Infosecurity trade show in London but nobody is buying anything, according to Schneier.

"Buyers don't understand what is being sold. That's why the security industry as a standalone entity is dying," Schneier told El Reg. "It's only because the stuff you buy sucks so bad that the information security industry exists in the first place," he added.

Schneier feels ennui for Infosec.

Schneier compared the information security industry to the car market. Consumers don't buy anti-lock brakes as a separate product. Similarly, information security should be built into products rather than being sold separately, Schneier argued.

He reckons that as the IT security industry matures there will be a greater demand from customers that products and services simply work, a trend mirrored in the growing use of outsourcing.

"Telcos and OEMs should become the only customers for security products. That way you'd have smarter buyers," he explained.

Schneier has touched on this theme before, most recently in a blog posting on the recent RSA Security conference. More of his latest thoughts on the subject can be found here. ®

Related stories

• Infosec Infosecurity is very much like... (26 April 2008)
• Make vendors liable for exploits (10 March 2008)
• Experts paint bleak picture of security in 2017 (4 December 2007)
• Bad security products thrive on confusion (24 October 2007)
• BT buys Counterpane to bolster security services (25 October 2006)