> sometimes the US government

Yeah, but that's a huge opportunity b/c they have tons of money and constantly overpay massively for things.

> If we only released secure software, that $300 billion market wouldn't exist

This is the broken window fallacy [1]. In fact, what you are saying is that there is $300 billion of value to be created by making secure software.

1: https://www.investopedia.com/ask/answers/08/broken-window-fa...

The broken window fallacy doesn't apply to software security for a couple of reasons. The first reason is that it isn't apparent that software is insecure until well after the sale, and depending on use (i.e. on a security network, etc), might actually be fit for purpose. In other words, measurement of window brokenness changes over time and with situation.

The other important difference is that the software vendor, unlike the glazier, doesn't directly benefit from folks breaking its software.

A better analogy is the introduction of the iPhone creating the iPhone accessories market. For lots of reasons, Apple decided not to make the iPhone crush proof, allowing Otter and others to sell protective cases for it.

To say that it's "vastly more economically viable" to spend $300 billion fixing insecure software rather than simply making it secure in the first place is fallacious.

If you made the software secure in the first place, you would have secure software and $300 billion to spend on something else (guns, butter, or what have you).

That seems like the very definition of the broken window fallacy to me---but hey, if not, it's still a fallacy.

Of course we haven't factored in the extra cost of making the software secure in the first place. If that costs vastly more than $300 billion, it is vastly more economically viable to just make broken software, but I don't think that was the intention of the statement.

Sadly that actually sounds like it could be a really interesting industry to work in tbh.