I'm not clueless about economics. I know that that's what they're doing. I know that it's profitable. My point was that it's more profitable to take the time to write sturdy, well-documented code, furthering the the state-of-the-art.
The main reason that the `security market for lemons' exists is that it's profitable (albeit not most profitable) and it's easy (throw some coders at it for a week or two and peddle it as long as possible). Of course, when I wrote that many companies stupidly insist on the latter, I ignored the fact that few such companies bother repairing it's shoddy product. Sometimes, they'll even outsource software repair to their users, e.g. marketing it as a "user community" or "help forum".
The problem with `the market for lemons' analogy here is that the market for lemons is a subset of the used car market, while software development is about making software, i.e. producing new (albeit, in the case of the `security market for lemons', bad) code. It would be more apropos to compare the bad-code business model with the soviet-era new car market, where even many newly manufactured cars were shoddy.
Most persons buy a car for the sake of using it, and will keep using it until it's in such a condition that he considers it below his standards. Occasionally, someone will sell a car that he would otherwise keep, e.g. because he's moving, but this is rarer. Of course, even with used cars, different persons can have different standards of drivability, which means that despite only selling what the seller considers useless, there may be a buyer that considers it usesome.
These practices are inherently beneficial, as you seem to believe. These practices are pernicious. If you had understood what was written at the pointers you provided, you would see that the problem is that the product is complex, requiring special understanding to discern how good the product is.
That's why we have, in the used car market, vehicle history reports. That's why we have, in the revolving credit market, credit reports. That's why we have, in the informatics market, software audition. Another thing that exists in the informatics market is source publication, which eases audition. I'm not even saying that there needs to be a free (e.g. ISC) license.
<https://www.schneier.com/blog/archives/2007/04/a_security_mark.html>から
It's not just that designing good security is hard -- although it is
Sure, it's hard for nonspecialists. So is anything. Whatever nonspecialist of whatever profession shall find that profession hard. Most specialists of whatever profession find that profession slightly challenging (there may be nondemanding jobs). It may be that some persons are misemployed. This is too-often the case in security.
The difficulty to a security design specialist of designing security well is about the same as the difficulty to a algorithm design specialist of designing an algorithm well. Slightly challenging.
The difficulty to a security design nonspecialist of designing security well is about the same as the difficulty to a algorithm design nonspecialist of designing an algorithm well. Very high.