The software market doesn't reward security, it just punishes perceived insecurity
Random thought: The market hasn't rewarded Microsoft's
recent security initiatives (W2K3, XPSP2 etc.). Microsoft pumped a ton
of development (read money) into their recent security efforts, which
dramatically reduced their attack surfaces. That's a good long term move, but I
don't think it paid off in immediate sales. I can say from my personal
experience that administrators talk about the improved security they're getting
when they install W2K3 for other reasons, but no one moves to W2K3 to
get secure.
The market doesn't reward security. It may punish insecurity, but doesn't seem to reward secure OS's or software
with increased sales. Despite the fact that W2K3 is much more secure than W2K,
it doesn't look like the investment directly paid off in sales
revenue.