Security status quo

I am on the road these two weeks talking about the State of Spyware Report. I find that I make a lot of predictions in my presentations that should be documented to keep me honest. One of my charts depicts the threat space in three dimensions:

[Image: ThreatSpace2.jpg]

I like to point out that the Vulnerability Vector extends forever in time. Just as yesterday was vulnerability Tuesday and Microsoft announced three critical vulnerabilities in Windows and IE, there will always be vulnerabilities in Microsoft systems that lead to exploits that are used by unsavory types to make a buck. So, my predictions:

1. Windows Longhorn will be released this decade.
2. It will take two years for more than half of enterprises to upgrade to Longhorn.
3. The second Tuesday of the first month after Longhorn is generally available there will be critical vulnerabilities in it.

In other words, Longhorn changes nothing in the threat space.