A few years ago, a dentist I consulted recommended a Dental Protector for Night Time Teeth Grinding to me. She mentioned that I grind my teeth during sleep. How in the world can I disprove her statement unless I have some external observer to monitor me all night to validate my teeth grinding?

Security is invisible. Customers are willing to pay for visible software product functionality, but not for a secure software product development methodology. Unfortunately, most security is in the backend. If security works well, it should truly be "invisible", and the fact that it is hidden does not motivate customers to pay anything extra. Security incidents motivate customers to act; this is when security becomes visible, but the limelight fades as soon as the incident is handled.

As security professionals, we see the internal mechanics of software security and can also speculate about the ramifications of poor software security in a customer deployment. Because we see this, we can't expect customers to pay for it. Making security visible to the customer will defeat the whole purpose of security, and making it invisible diminishes the value of security. It is a dichotomy that we (as security professionals) have to manage and live with. Customers who notice and are aware of security may start checking on the security aspects of a product before buying it. Unfortunately, security is just one aspect; buying a specific product over other products purely based on security is a pipe dream. In the distant future, when all products have security built in, security won't be a differentiator anymore and the visibility of security will diminish even further.

If security were highly visible, we would find Steve Jobs touting security on stage at MacWorld. Maybe this is the reality check for security professionals.