Are we about to turn the corner in our battle with cybercrime? Is our threat vector about to make a dramatic change of direction? Is the really light at the end of the tunnel? A year ago, the available data would have me believe that the problem will never get better. The month all has changed.
Microsoft has released their latest Security Intelligence Report for the first half of 2007. It provides the first empirical indication we have the theoretical actions to prevent security oriented issues do indeed have an impact. This ranges for the way you build and design operating systems, how best common practices (BCPs) work, and that automated clean-up/patching all work.
There is actual light at the end of the tunnel. We can, as an industry, build an infrastructure which is highly resistant to an market driven criminal economy. That path to the end of the tunnel is in sight. But, like all journeys, the last leg is always the part with the highest chance of failure. We now know that theory works. It is the breach in the wall of security despair. Time to drive a forward in to the breach.