Ian Bogost:

Fifty years' worth of attempts to turn software development into a legitimate engineering practice have failed.

Michael Mann:

If it hasn't been targeted, that's only because somebody hasn't bothered to yet.

Adriel Desautels:

The vast majority of vulnerabilities are exploited within days of them becoming known.

Economist:

The average time between an attacker breaching a network and its owner noticing the intrusion is 205 days.

TrapX Security:

Our scientists believe that a large majority of hospitals are currently infected with malware that has remained undetected for months and in many cases years.

Steven Bellovin:

There's good evidence that people are playing serious malicious games with the routing table.

Dan Kaminsky:

Some companies think we should be stopping all hackers. Others think we should stop only the other guy's hackers -- they think we can win the war ...

Eugene Kaspersky:

It is not possible to be the champion in every game.

a draft report jointly compiled by the Estonian authorities and Microsoft:

It became clear that no matter how ready you think you are, you are never ready enough.

Howard Schmidt:

What we can do, we can expect done back to us.

Jane Harman:

Be wary of writing code you wouldn't want thrown back against your own networks.

Whit Diffie:

There are lots of people who want you to be secure against everyone but them.