Veracode Research Team Gives 5 Predictions for 2011

As we close out an security eventful 2010, the Veracode research team though it would be a good idea to think about what we are likely to see happen in 2011. Here are 5 predictions we believe will have a very good chance of coming true.

1. Sandboxing goes mainstream with adoption by Firefox and Internet Explorer
Sandboxing can prevent the exploitation of coding errors by preventing code running inside the sandbox from interacting with the operating system. Software companies with apps that are designed to render data and interpret script code downloaded from the Internet start to adopt sandboxing.

2. Microsoft follows Google and Mozilla and starts paying a bug bounty
Following Google’s and Mozilla’s lead, more companies offer to pay researchers for reporting bugs to them. Microsoft, which stated years ago that they wouldn’t ever pay for bugs, caves to industry pressure as they are hit with more uncoordinated disclosures than their peers.

3. A mobile app causes a major enterprise security breach
Rapid growth of mobile apps continues on enterprise-connected mobile devices. Inevitably, attackers leverage this juicy new attack vector to penetrate corporate perimeters and gain access to sensitive data. It also turns out that the malicious application that enabled the attack was downloaded through a well-known and trusted app store.

4. Government and corporations stock up on anti-leak security products to defend against insider attacks, but high profile leaks continue
The insider threat problem is so huge that a single security product category such as DLP coupled with new policies on removable media fails to make a dent on leaks. The comprehensive security programs focused on internal applications and internal networks take years to implement. New organizations copy the Wikileaks model to give more outlets for leaked information.

5. A critical infrastructure facility in the US suffers a damaging incident resulting from a Stuxnet-like stealthy targeted worm
Stuxnet demonstrated a sophisticated, aggressive attack capability that can be replicated. Removable media is once again used to bridge an air gap and a zero-day vulnerability in a SCADA system is used to cause physical damage.

Veracode Security Solutions
Veracode Security Threat Guides

DmitryK | December 8, 2010 1:15 pm

It feels like (3) and (4) will be part of the same security incident

cyb3rs3c | December 8, 2010 1:27 pm

Excellent predictions, number three may be the return of crippling attacks like SQL slammer. Number 5 is a bold prediction but definitely possible. Number 4 is disturbing, how are these DLP products selling? Is no one testing to see if their detection mechanism can be evaded? I have tested three of these products in the past and each one was easy to evade.

Veracode Security Predictions for 2011 « Predicted | February 5, 2012 9:14 am

[...] (Veracode Research Team Gives 5 Predictions for 2011) Rate this: Share this:TwitterFacebookTumblrLinkedInDiggStumbleUponRedditEmailPrintLike this:LikeBe the first to like this post. [...]

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

RSS feed for comments on this post