Government Web intrusions mainly occur because vendors sell systems with security holes, a researcher told a federal advisory panel on Thursday. Alan Paller, director of research at the SANS Institute, presented his findings to a National Institute of Standards and Technology body that was meeting to discuss minimum cybersecurity standards for the U.S. government.