Experts have called for the IT security industry to improve its products and adopt universal testing metrics so that buyers can get a clear idea of what works and what doesn't.
Paul Kocher, inventor of the third version of SSL, said that the security industry lacks oversight, and that some products simply do not work as advertised.
Too many people are making money by selling a product and then charging to fix its initial failings, which is not a desirable business model.
"We need to have regulation or liability; at the moment we have neither," he said. "Some products are snake-oil. I suspect this will be decided by the lawyers."
Kocher pointed to the aviation industry as an example of best practice, where a full investigation is held after every crash. Flaws are analysed and design changes enforced among airlines and aircraft manufacturers to avoid the problem in the future.
Sal Stolfo, professor of computer science at Columbia University, complained that there is no agreed standard of testing to inform buyers.
"The industry needs to invest in testing to get rid of the snake-oil. There's a hodge-podge of metrics, but most of them are on how good malware is," he said.
"There are some cost metrics for intrusion protection systems, but it's not a science yet and it's underdeveloped."
Security expert Hugh Thompson agreed that there are too many poor products out there, although he pointed out that there are some reasonable metrics for cryptography.