Quotes from Alex Stamos

For most companies, they don't want to ever talk about security unless it's an absolute emergency and they've had a breach. And I think that's a mistake.

Almost every OS X server service offers weak or broken authentication mechanisms.

Preventing surveillance of millions of people at a time is totally within our ability.

If you break into an oil company and you're able to find out what gas leases they're interested in, that could be a multi-billion dollar swing in value for one company over another a multi-decade period.

People now know how important it is to build secure systems to underlie our civilization.

Attackers are able to amortize the cost of exploit, malware, and infrastructure development across many targets.

While preventing the distribution of malware through advertising is one part of the equation, it's important to address the entire malware ecosystem and to fight it at each phase of its life cycle.

We will continue to invest in our people and technology to help provide a safe place for civic discourse and meaningful connections on Facebook.

Developing safe products for people around the world will mean accounting for a much wider variety of devices, networks, infrastructure, and political environments.

Too many companies are reluctant to share technical information about threats with each other, and most open platforms and tools don't see widespread adoption. As a result, lots of us are reinventing the wheel and solving the same problems without realizing that our neighbors have already built great solutions.

I think... all of the best public cryptographers in the world would agree that you can't really build back doors in crypto. That it's like drilling a hole in the windshield.

There's a big focus in the security industry on incredibly sophisticated attacks and on very sophisticated threat actors.

The reuse of passwords is the No. 1 cause of harm on the Internet.

We have perfected the art of finding problems without fixing real-world issues. We focus too much on complexity, not harm.

There are major funding gaps for security research generally, particularly when it comes to defensive security practices and tools that will contribute to the protection and defense of the Internet.

Being a CISO is a tough job. I have the end responsibility for the personal information of over a billion people.

The nice thing about my job being CSO at Facebook is that it is well understood here that there is not a trade-off between the trust people have in us and our growth.

Adversaries will do the simplest thing they need to do to make an attack work.

There have been a lot of questions since the 2016 U.S. election about Russian interference in the electoral process.

What we're trying to do at Yahoo is build our products so they're safe and trustworthy, not just secure.

Internet advertising security and the fight against malware is a top priority for Yahoo.

There are a lot of Yahoo users who live in countries where their freedom of expression and freedom of association is not respected and where the government is trying to put malware on their computers to track them.

Yahoo is a global technology company that provides personalized products and services, including search, advertising, content, and communications in more than 45 languages in 60 countries. As a pioneer of the World Wide Web, we enjoy some of the longest-lasting customer relationships on the Web.

Security people aren't brilliant; we aren't smarter than everyone else.