Date of forecast: November, 2010 (based on CVE data until end of 2009)

Stephan Neuhaus of Università degli Studi di Trento and Thomas Zimmermann of Microsoft Research used the Common Vulnerabilities and Exposures (CVE) database to predict security trends:

PHP: declining, with occasional SQL injection.

Buffer Overflows: flattening out after decline.

Format Strings: in steep decline.

SQL Injection and XSS: remaining strong, and rising.

Cross-Site Request Forgery: a sleeping giant perhaps, stirring.

Application Servers: rising steeply.

(Security Trend Analysis with CVE Topic Models, ISSRE 2010)