Alan Paller and Stephen Northcutt (2)

"The specifications developed by leading businesses will be integrated and codified into standards that all organizations can follow. Auditors will begin using the common operational security standards as a basis. ISPs will offer auditing compliance with these standards as a value-added service."

Too much judgment is required.
This is why my IDS doesn't page me.
We can't find enough people to do security. Where are we going to find people who can audit our work?
What will compliance cost?
Can I automate auditing my customers' systems? If I can't audit them myself, can I be sure of compliance?
My take? I'd love for it to happen.