They just so happen to see a lot of challenges that their software is well suited to resolve... no surprises there.

My predictions for 2022: An awful lot of work to be had before you go insane.

I'd expect the trends of "massive complexity causing problems solved by more complexity" to continue, because that's <i>literally</i> the only thing the hardware and software industry seems capable of doing anymore. Stacks of complexity that then require more complex hardware to run, and the cycle continues. <i>Nobody</i> understands the whole stack anymore, except perhaps the malware authors who freely move up and down the stack to accomplish their goals. Those writing the software and, theoretically, auditing the software don't seem capable of finding badness hidden in it - and decades of experience says, "Humans can't find suitably stealthy badness hidden in software, intentional or not." Look at how long some of the really nasty bugs have been floating around (exploited or not, we don't know) before someone finally got around to noticing them. I mean, <i>how long</i> was Debian only generating one of 32k SSH keys?

I don't see a good path forward for "connected, computer based, all the things." If we were willing to consider dumping, say, 80% of the features of modern computing, we could probably do a pretty good job securing the other 20% (the commonly used ones). But at too many places, payment and promotion is for features, not bugfixes, not security patches. So new features just keep getting released, old stuff gets abandoned, and the cycle of promotion goes on. The incentives are simply wrong to create anything faintly resembling secure software.

And I expect a continuing wave of people who've been doing security for 20-30 years just... quietly retiring to a life of not much consumer tech. The joke in my circles is that we'll be goat or llama farmers, and I'm not sure it's too far from the truth. I expect a large collection, in decades to come, of "You clearly enjoy this farming thing, I don't think you care a bit about making money, and why is the most advanced bit of technology on this place a couple Arduinos?" You'll find them run by former low level security types.

I don't know how much runway is left in the current trends of tech, consumer and enterprise, but we're clearly at a point where <i>nobody</i> can reason about the stuff anymore, and even if you're using all the patches, all the best practices... you can still have your whole company shut down by ransomware and such. It's less likely, but still far from impossible, when we see things like former NSA 0days used to deploy ransomware. Pretty hard to defend against 0days.

Were I to do a business these days, I'd probably take a serious look at doing things like "Training employees on Qubes" (and buying hardware that can run it). You may not be able to make things impossible for an attacker, but you can sure make them want to go somewhere else for easier pickings (if they're not targeting you, specifically - if they are, you're probably screwed). The whole "Giant Windows Domain" thing repeatedly proves impossible to secure in practice.

Or maybe just go back to typewriters and a good secretary or two.