2008... what's in store?

The security game is a game of cat and mouse. Jedis vs Sith, with Sith usually having the upper hand. What is going to be the big news this year? Overflows will still rear their heads.. this is a given, but what is going to be the direction for this year? Web application security seems to be a big issue brought into the light this year. Sites like MySpace, and Facebook, both of which are constantly undergoing scruitiny, continue to errupt with vulnerabilities. There is always a trade off when attempting to design software which keeps ease of use in mind. You don't want to make something too hard, hence the users won't use it, but you don't want to leave it sitting wide open either. This will definitely be interesting to see how the web arena plays out. Any other thoughts on vulnerability directions this year?