Writing this in mid-November as the year-end period begins. The structural shifts of 2002 are visible enough to start summarising.
What changed
Microsoft's Trustworthy Computing has produced visible changes. The patching cadence, the advisory thoroughness, the customer communication — all have shifted measurably. The substantial test (next-generation products shipping with secure defaults) is still ahead.
The worm landscape has been quieter than 2001. No Code-Red-class events. Slapper was significant but bounded. Mass-mailers continue but at sustainable volumes.
The defensive coordination has matured. Patch Tuesday, the Honeynet Project's published paper, the various inter-operator coordination groups — all have made progress.
What is next
The year-end posts will follow the standard format. Predictions scoring, structural retrospective, predictions for 2003, end-of-year reflection.
More in the coming weeks.