The primary goal of a vendor is to make money.

In some industry markets, high quality can be tied to making more money, but I am sure by now all of us know the computer industry is not like that.

So the HP guy comes up to me (at the Melbourne conference) and he says, 'If you say nasty things like that to vendors you're not going to get anything'. I said, 'No, in eight years of saying nothing, we've got nothing, and I'm going to start saying nasty things, in the hope that some of these vendors will start giving me money so I'll shut up'.

I actually am fairly uncomfortable about it, even if our firm stipulation was that they cannot tell us what to do. We are simply doing what we do anyways - securing software - and they have no say in the matter. I try to convince myself that our grant means a half of a cruise missile doesn't get built.

I think it is astounding that people could argue for "you just must trust someone else to fix it" instead of "you could fix it yourself, or hire someone to fix it." There is a contractor base out there that can solve these problems as well as or better than the major vendors could. But I think the major vendors are still having more luck at getting the ear of the press.

I don't know if there's enough vision. Industry wide, the apathy regarding this recent problem is already setting in - shiny things are happening elsewhere, people are forgetting.

Only failure makes us experts.