Christopher Allen, a name I'd never heard before reading this article (ah, the power of blogs), posted an interesting writeup on the state of the computer security industry and its potential futures. Check it out here.
The idea of moving away from selling security through FUD (Fear, Uncertainty, Doubt) is great; I'm all for it. Merging with insurance schemes might be a way to ensure that security sticks around, avoiding the need to sell a product, as in the case of RSA, et al. I really think that security firms like Counterpane will become more popular. As more companies need security, more firms will pop up to take the call. Companies cannot rely on in-house security for long. When a super-worm gets released, who will be better prepared? The company with the guys on the 2nd floor with the firewall appliance, or the company working with a managed security company that takes preventative measures on all its clients as soon as it recognizes a threat against one of them?
In a business sense, eventually computer security will be much like physical security. Companies all have insurance. Those that have hired security firms will pay less for their premiums, whether they are insuring their building or their data.