The word that best captures the message of this chapter is inertia – the rut in the path so familiar and so ingrained with reinforcing processes that are so difficult to overcome. At the start of this book the story of the frog in the cauldron where the temperature rises slowly to boiling point was another way to make this same point. This path has a name: an aftermarket approach to security placing the security burden where it can least be resolved, with the enduser community, the buyers and users of the technology. This rut in the path is a persistent practice despite a body of people and knowledge well aware that it is an inadequate method; doing something the same way faster with more money will not create a new and better result. It will simply make an inadequate process faster and more expensive.

Inertia must be understood for how it keeps the status quo. But to actually get out of this rut, change the patterns, the habit of familiarity and the market forces with self-interest to keep it the same, it will take more than good reasoning and sound logic or even the loss of billions of dollars annually. To un-tether from the suction and drag of inertia will take a surge of new energy from different groups pulling together. It will take a clear commitment to a new path of transparency in security, one that starts at the beginning in product development ...