I honestly don't believe that the consumers will _EVER_ care, and I don't believe that should have to. At most maybe they should just need to keep an eye out for a sticker, or star-rating (government approved) or something. But as you say, 'security' is 'hard to measure', so an approach like that won't work.
As the saying goes, give the consumer the choice between security and dancing pigs, and they'll pick dancing pigs every single time. There's probably more than just a grain of truth to that.
Yet, despite that pessimistic outlook -- and the survey that forked this thread -- I do think that companies are demanding more in software security, even though consumers are not. I'm not aware of surveys that directly address that, but it sure seems obvious to me that they are. Here's to wishful thinking, anyway!
Cheers,
Ken van Wyk
