You have all probably seen and read a lot of different security predictions for the year 2009. I think there is nothing wrong with such lists; some predictions seem pretty self-evident and some contain vendor buzz. Do you have one or two predictions you have a strong feeling about, that you think will happen this year? Feel free to share in the blog comments!
Considering spam and botnets, I think there will be more research put into analyzing botnets and more pressure on badly behaving ISPs, as with the McColo case. ISPs will be forced to react to the problem in some way, but this eventually leads to more advanced botnets that are harder to figure out.
Personally, I think ISPs should be required to install spam filtering technology on their mail gateways (inbound and outbound) and offer it for free to their customers; email clients should also come bundled with spam filtering software.
My second thought is that there will be more focus on a whitelisting approach and also on extensive input validation "modules" built for the most common web development languages (ASP, JSP, PHP, etc.), which are easy to implement and modify based on your needs. The functions would be easy to include in your existing applications, and as long as you religiously use the functions properly before doing something with the input, it will make your site more resilient against technical vulnerabilities.
Personally, I think these kinds of common "modules" should be available for developers to use. Even with such modules, it wouldn't remove everything, and business logic flaws can still exist. It would, however, be a step in the right direction, instead of everyone building their own validation routines (i.e. re-inventing the wheel). Maybe such modules already exist and this is old stuff, but just a thought that it should become mainstream practice.
Now, please tell me some of your suggestions :)
www.liquidinfo.net - Security is a mindset
January 18, 2009
2 comments:
Way too many stupid predictions already. Here on January 18 no one gives a s**t about yours.
Heh.. I was actually thinking someone might say something about too many predictions. Didn't think the feedback would be so offensive, though. But yeah, too many :-(