So 2009 is pretty much done. Nothing truly amazing sticks out in my mind. That means it was either so bad I've blocked all traces out, or nothing overly exciting really happened.
I'm pretty sure it's the latter.
As it's my duty as an Internet citizen to make up crap that I can't possibly know will come true, I predict 2010 will be just like 2009, but with more disaster movies coming out.
I think the universe of security is getting dull. This is a good thing though, as it means the good guys are doing their jobs. There are always going to be things like botnets and evildoers looking to take advantage of the unsuspecting, but this is no different than in the physical world. There are bad guys, they exist because there's money to be made from exploiting others. I imagine thief is the second oldest profession.
The real stories of security are the few number of things like worms and wide scale defacements of the days of old. Most admins understand that updates must be applied promptly, and many vendors are now releasing those updates ASAP. There are technologies that can help make exploits very hard to write.
The future of exciting security research will probably move to virtualization; it's currently a lot like Swiss cheese in terms of keeping things secure. Unfortunately security is generally a reactive thing, so until there are problems found, I don't expect much proactive work done in virtualized security.
