This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."

Crystal Ball
Information Security's fifth anniversary issue was spot-on.

With a half-decade under its belt in 2002, Information Security dared to look ahead in its fifth anniversary issue, also known as the Crystal Ball issue. Several experts were given space to pontificate on what may come in the next five years. And know what? For the most part, guys like Gene Spafford, Marcus Ranum and the editors of Information Security were spot-on in their prognostications.

While Ranum writes and speaks with wit and candor, his barbs are laced with brutal honesty. In 2002, he told Information Security readers that among other things, autopatching would be predominant and that software should not be bought, but rather subscribed to.

In light of Microsoft's Patch Tuesday and Oracle's massive quarterly updates, automated patching has indeed removed the pain of maintaining system patch levels, and minimized exposure to vulnerabilities and exploits. While zero-days are a constant threat, automated patch tools help security managers keep pace.

Software as a service, on the other hand, is gaining steam, and perhaps Ranum's prediction needs a couple more years to season.

Spafford, meanwhile, signed off with eight prognostications in 2002, most of which were on the mark. For example, he said a rush-to-market for new features would create new holes and force developers to shove aside security to accommodate these demands. Spam would continue to be a problem, as would consumers' insatiable need for fad technologies. But he did miss on two predictions: that insurance companies and liability lawyers would become more involved in cybersecurity incidents, and that appliance-based computing would take off.

Spafford says the economics of liability and insurance prevented that prediction from coming true. For now, companies are passing the costs to consumers, he says.

"That prediction may still come to pass when the TJX class-action suits begin to be filed against them," Spafford says. "We could see that as the beginning--courts finding favor and handing out substantial damages. Once that happens, that's more than companies can pass on to consumers. We'll see third parties come into play."

As for appliance-based computing, Spafford says he didn't foresee the trend of virtualization, coupled with the immaturity of integrated management products. It's much easier for a smaller company to roll out its own Linux-based appliance and fill that space, Spafford says.

Cover story

Information Security celebrated its fifth birthday in 1997 by doing a double-take on its first five years and peering ahead at what might be the most influential companies and prominent attacks of the coming five years.

Here's how we did:

Influential companies '97-'02

  • Check Point Software Technologies
  • Computer Associates
  • Internet Security Systems
  • Network Associates
  • RSA Security

Predicted influential companies '03-'08

  • Cisco
  • IBM/Tivoli
  • Microsoft
  • Symantec
  • Tripwire and Sourcefire

Also, Information Security readers were polled for the fifth anniversary issue and asked to rank the five worst attacks and predict the most ominous threats ahead.

5 Biggest Attacks '97-'02

  • Code Red
  • Melissa and LoveLetter viruses
  • Distributed denial-of-service attacks on Yahoo, eBay, et al
  • Remote control Trojan horses

Predicting 5 Biggest Threats '03-'08

  • Super worms
  • Stealth attacks
  • Automatic update exploits
  • Routing/DNS attacks
  • Combined physical/cyber threats

This was first published in January 2008
