http://blogs.msdn.com/sdl/archive/2008/01/22/new-faces-and-predictions-for-the-new-year.aspxHello all - Dave here For a change of pace, a few of the SDL blog crew decided to take a poke at a "Security Predictions for 2008" posting. In selecting a prediction, the only guiding rule was that the prediction had to cover something that could be influenceden-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/sdl/archive/2008/01/22/new-faces-and-predictions-for-the-new-year.aspx#7203305Wed, 23 Jan 2008 03:21:52 GMT91d46819-8472-40ad-a661-2c78acb4018c:7203305New faces and predictions for the New Year… | Online Services<p>PingBack from <a rel="nofollow" target="_new" href="http://www.fulq.com/new-faces-and-predictions-for-the-new-year">http://www.fulq.com/new-faces-and-predictions-for-the-new-year</a></p> http://blogs.msdn.com/sdl/archive/2008/01/22/new-faces-and-predictions-for-the-new-year.aspx#7213319Thu, 24 Jan 2008 02:39:39 GMT91d46819-8472-40ad-a661-2c78acb4018c:7213319asteingruebl<p>Eric,</p> <p>Wouldn't you rather have a reduction in the total number of vulnerabilities, rather than just the percentage? &nbsp; Ideally you'd like to reduce your total reported vulnerability count rather than just reduce your percentage of the problem. &nbsp;Hackers turning their attention to another product can account for both however, so again maybe its not the right metric?</p> <p>Do you have an associated internal goal related to this? &nbsp;Something like &quot;no more buffer overflows in anything&quot; for example? :)</p>