Gresham, Akerlof, and security (lack of) quality
I didn’t read Schneier’s Wired article (http://www.wired.com/politics/security/commentary/securitymatters/2007/04/securitymatters_0419) until it came out in his newsletter, but it struck an immediate chord. He was commenting on Akerlof’s work proving that, when vendors know a lot more than buyers, the marketplace ends up flooded with bad “goods” (http://en.wikipedia.org/wiki/The_Market_for_Lemons). (He doesn’t mention Gresham, who showed that items of inherent value tend to disappear from the market (http://en.wikipedia.org/wiki/Gresham%27s_Law).)
As a reviewer of security books, I see this all the time. It takes time to write a book. It also takes time to learn something of value to put into a book. So it’s a lot easier to write a bunch of nonsense and sell it. After all, almost by definition, the people to whom you are selling the books will not know the difference. If they could tell the difference between good advice and bad advice, they wouldn’t need any advice.
I’m also seeing the same thing in conferences. Conferences are expensive to organize. And, increasingly, conferences are organized by professional event companies, not by anyone who really knows or cares about the topic. Therefore, it is easier and cheaper to get vendor representatives as speakers for the events. (Generally the vendors are only too happy to send their people, and will pay all the expenses, and sponsor something for the conference as well.) People who actually know something probably don’t want to pay their own way to speak at these things (or can’t), or can’t be bothered to jump through the hoops held out by the event companies.