IT Security Expert: Security is a Process, not a Product

13 August 2008

Dave Whitelegg has a blog that I’ve just stumbled on and the first article I see is this one:

IT Security Expert: Security is a Process, not a Product.

This is a great post and also contains a link to a great article by Bruce Schneier - here. The gist of things here should echo what I’ve been posting about - information security is not something that a vendor with a magic box is going to provide…

Security is a process, an integrated, holistic approach that incorporates technology, technology products, internal process, policies, review practices, etc. Knowingly misleading organizations into buying a ‘silver-bullet’ product is unethical and (should be) extremely transparent.