December again. Time for the year-end retrospective.
The major events
- Trustworthy Computing memo (January).
- Microsoft Windows pause (February).
- Patch Tuesday cadence (spring).
- OpenSSH challenge-response bug (June).
- OpenSSL ASN.1 bug (July).
- Slapper P2P worm (September).
- BugBear mass-mailer (October).
- Honeynet Project paper (June).
- Apache 2.0 release (June).
- Continued Klez tail (continuous).
How predictions fared
From the January list:
My threat-side predictions were mostly conservative — fewer major incidents than I had predicted. The defensive predictions were largely correct, including the timing for Trustworthy Computing.
Net score: I was roughly calibrated for defensive predictions, slightly over-confident on threats.
What is structurally new
Vendors are responding meaningfully. Microsoft is the most visible; others are following more quietly.
P2P attack architectures are operational. Slapper's mesh is the precedent.
The defensive baseline has risen. Patch Tuesday, mature filtering, better tooling — all have raised the bar.
What I want for 2003
More writing about structural defence; more conferences; the genuinely difficult writing piece I have been promising.
More in the predictions post next week.