I think the entire discussion so far can be summed up into a few points
1) some people are gullable and will pay "extra" for security
2) some aren't :)
3) you're probably better off not mentioning it at all and just
assessing the needs then building those costs from the get-go
4) while a 'tiered' pricing setup for security may be completely
feasible, it's not very ethical
5) ethics don't matter to everyone
6) it's very easy to exploit the lack of software/security knowledge
of the general public, but you have to realize you will lose some of
the market (the knowledgable part) when you do
On Thu, 30 Sep 2004 09:56:06 -0700, Michael Wojcik
<michael.wojcik@microfocus.com> wrote:
From: Jeroen van Drie [mailto:jvdev@3va.net]
Sent: Thursday, 30 September, 2004 10:22
You can say we live in a market economy and someone is simply
going to slap together a few lines of code and offer a lower price.
But how many people bought a Yugo because it was the cheapest car?
When buying a car, brand, style and safety are deciding factors too.
Brand and style are readily apparent to the car buyer. Security is not
readily apparent to the software buyer. In fact, it's very difficult for
even a knowledgeable person to gauge the security of a commercial software
package. It's not impossible, but it requires considerable effort even to
achieve a reasonable estimate.
Safety only became an issue when too many people suffered from the
lack of it, and software is arriving at that turning point too.
I believe that if you surveyed car users and software users, you'd find far
more of the former are conscious of safety issues, than the latter are of
security issues.
Judging the safety of a particular car requires some effort, but car safety
as an issue is readily apparent to anyone who uses a car for any length of
time. That's not the case with software - witness the huge numbers of PC
owners who don't use virus scanners or firewalls.
Now is the time to sell your customers a Saab or Volvo.
My previous two cars were a Saab and a Volvo, but I'm a knowledgeable,
discriminating car buyer. Both brands are pretty uncommon around here - as
are knowledgeable, discriminating buyers. In fact, they're relatively
uncommon everywhere. And that's one reason why Saab is now owned by GM and
Volvo by Ford.
And note that, at least here in the US, most specialty car dealerships are
either combined with, or operating in conjunction with, common-brand
dealerships. Few people stay in business by insisting that customers buy
top quality or go elsewhere. Boutique businesses are - by definition -
niche businesses.
Principles don't pay the bills. Sales do.
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus
--
Brandon Niemczyk
http://bniemczyk.doesntexist.com
