Scoring the 2002 predictions:
1. Auto-propagating worm comparable to Nimda. 85%. WRONG (no Nimda-class event).
2. SMB-based worm. 70%. WRONG.
3. Mass-mailing worms continue. 90%. RIGHT (BugBear, Klez variants).
4. Significant DDoS attack. 70%. PARTIAL (no clear Mafiaboy-scale event).
5. WPA-attacking tool. 25%. RIGHT (no tool emerged).
6. Chain-compromise incident. 65%. WRONG (no major one).
7. Trustworthy Computing memo. 75%. RIGHT.
8. Windows pause. 70%. RIGHT.
9. IIS deployment reduction. 60%. PARTIAL (some movement, hard to measure).
10. WPA progress. 65%. RIGHT (standardisation continuing).
11. Honeynet paper. 85%. RIGHT.
12. Snort 2.0 development. 75%. RIGHT (active discussions).
13. Linux 2.6 begins. 70%. RIGHT (development underway).
14. High-profile data breach. 60%. PARTIAL.
15. Two-factor for banking. 45%. PARTIAL (some deployment).
16. Honeyd mainstream. 55%. RIGHT.
17. Network segmentation default. 75%. RIGHT.
18. Cybercrime as enterprise. 80%. RIGHT.

Net assessment

I was over-confident on the threat side. Most of my threat predictions either resolved wrong or were partial. I was approximately right on defensive predictions.
The lesson: the defensive infrastructure improved enough in 2002 that several major threats I had predicted did not materialise. This is good news; it should also recalibrate me.
For 2003 predictions, I will be more conservative on threat-side estimates.
More in the 2003 predictions post next week.