Disruptive innovation and security, some thoughts
I was reading Hoff's posts about disruptive innovation and remembering the concepts behind it. It is interesting to see these business theories being applied to Infosec. I read some of Hoff's posts about the subject and after some thinking I found some interesting concepts on the subject.
First, we can see disruptive innovations as "sharp" angles in a market (field?) trajectory. So, a market evolution trajectory would be something like:
It's not big news that we haven't seen many disruptive innovations in the security field. However, we have lots of very smart people working on it. Why can't all these people produce disruptive innovations?
I believe that the reason why we are not seeing disruptive security innovations is that the security market trajectory is not completely independent. Security products or concepts are not created from nothing, but to address a need produced by business trajectories. So, if we look at how companies do business as a trajectory, we would find security pursuing the direction changes from that curve:
As we can see, the security line tries to follow the business line whenever its trajectory changes. The security line tends to change in more subtle moves, because security professionals need to understand the business changes and what implications they have, and then change their concepts and products to cope with them. However, sharp trajectory changes in the business line (disruptive innovations) can make the security line more distant from the business line. These are the situations where people believe that the security market is not giving the proper tools to support the business, which I called the "Security Expectations gap". Those gaps would be smaller if disruptive security innovations were common, but the need to first identify a clear trend from the business line makes it harder for that to happen.