Hurricanes and Internet Worms

It seems that there was a bit of reaction to my recent blog entry. Specifically, Alan had a great post about hurricanes in response to what I wrote the other day.

Two things I wanted to respond to: first, I didn't mean to suggest that I was "taken out of context". While I always caveat my warnings, I was quoted entirely accurately by Bill with what he said. The caveats weren't included in the article, but I didn't expect them to be. The point was simply that I always knew it was possible that there wouldn't be a worm - just that the conditions were right.

As for hurricanes, I can claim to have lived through only one of them - I'm not a southerner as Alan is. But I do take a bit of exception to his analogy - I have made this kind of warning only one other time in the last 3 years. While many other people in the security community are hawkish every month, you can see from previous news stories that I'm usually the one who is suggesting the least severity around things. I've had numerous Patch Tuesday discussions with reporters where my message was basically "ho, hum... another IE patch".

The argument behind my alarmist comments was basically the same one that Tom Ptacek made over at Matasano's blog:

What a vulnerability needs to rival the Slammer worm:

  1. A vulnerable population of more than 50,000 hosts (check!)
  2. A pre-auth vulnerability that provides remote code execution (check!)
  3. A reliable exploit (one that doesn’t need to know specific stack or code offsets in the binary, and that isn’t heavily data or timing dependent). (check!)

This is very different than a weatherman predicting a hurricane with only a tropical depression forming - this is more like seeing a tropical storm on a westerly track from about 350 miles from Florida, when the water is significantly warmer than it is in average years. Sure, there's a possibility that the storm will turn north early, or head into the gulf without making landfall. But there's also a good chance that it'll hit land.

And, while Alan is completely right about me knowing little about hurricanes, I know a little about internet worms. The conditions were right for a bad one - that it hasn't hit is fantastic, and nobody is happier than I am about that (except perhaps the administrators who would have lost sleep).

