From the Current Issue of the CRYPTO-GRAM by Bruce Schneier:

The Doghouse:  Amit Yoran

Here's a question: if you don't think it's possible to improve the
security of computer code, what are you doing in the computer security
industry?

"Amit Yoran, the new head of the Department of Homeland Security's
national cybersecurity division, said the administration is assessing
the impact of various regulatory proposals. One of them calls for
companies to report, through the Securities and Exchange Commission,
their preparedness for attacks on their computer networks. Mr. Yoran,
formerly a vice president of Symantec Corp., said the department is
considering other measures, though it leans toward private-sector
approaches.

"'For example, should we hold software vendors accountable for the
security of their code or for flaws in their code?' Mr. Yoran asked in
an interview. 'In concept, that may make sense. But in practice, do
they have the capability, the tools to produce more secure code?'"

The sheer idiocy of this quote amazes me.  Does he really think that
writing more secure code is too hard for companies to manage?  Does he
really think that companies are doing absolutely the best they possibly
can?

I can handle blatant pandering to industry, but this is just too stupid
to ignore.

The article:
<http://online.wsj.com/article/0,,SB107040249488089600,00.html>
<http://news.com.com/2008-7355-5112350.html>

I like a man who calls it like it is :-)