Paller Quotes
We have made enormous progress over the past five years by forcing the vendors to deliver automated patching. Now the bad guys are saying: 'You did that, now we're going after the applications.' Now we have to start all over again.
- Alan Paller
The shortcut to improved security [is] universal, repeatable monitoring... The Army is now trying Harris STAT. The big difference is that NASA picked the most critical vulnerabilities rather than looking at all 2,000. The latter always leads to overload and lack of action. NASA's approach works.
- Alan Paller
The ISO is going to the CEO saying there's a chance something bad, and possibly something embarrassing, could happen. But how much of a chance, the ISO doesn't know. And if he spends this kind of money, he can reduce the risk but by how much, he doesn't know. It's simply not enough data. Every other C-level executive does better than that and takes on the responsibility for defining the risk. Here, the CISO is putting the responsibility on the CEO. They don't want it, and eventually they won't take it.
- Alan Paller
The bottom line is that security has been set back nearly six years in the past 18 months. Six years ago, attackers targeted operating systems and the operating system vendors didn't do automated patching. In the intervening years, automated patching protected everyone from government to grandma. Now the attackers are targeting popular applications, and the vendors of those applications do not do automated patching.
- Alan Paller