Every year, some publication asks me to come up with a list of my top 10 predictions for the security field, and every year I tell them they might as well just dust off an article I wrote a year earlier, with maybe a couple of buzzwords and a new technology added on. What you can generally expect in any given year is more of the same, with some slight variations.
That doesn’t stop people from making predictions, though. Vendors and supposed experts can’t seem to control the urge, but when I read their predictions, I just have to shake my head at the uselessness and gross ignorance of most of the comments. Predictions are useless when they are obvious, which many of them are, and they show gross ignorance when they predict things that have already happened. Surprisingly, predictions of past events are fairly common on these end-of-year lists; the prognosticators don’t know enough about the security industry to know that what they are predicting has already happened.