If you have been a part of the security community for even just a couple of years, you have no doubt noticed the decrease in serious bugs being reported and exploited out there. This is definitely no coincidence. Vulnerabilities are getting harder to find and even harder to exploit. This creates a lot of value for quality bugs in widely used software. I have partly blogged on this in the past.
I should also probably mention I don't consider XSS bugs a part of these statistics...yet. They are without a doubt a serious issue, but at this point are still in their infancy and affect (probably) more than 90% of web applications out there. It's like looking back at Bugtraq from 2000 and seeing "buffer overflow"; they too will settle down in time.
Sometimes we still see straightforward stack overflows like the recent Snort DCE/RPC overflow found by Neel Mehta, but in general I feel bugs are getting more and more obscure. I personally feel there are many, many integer over/underflow vulnerabilities still waiting to be found; they are hard to come by and even harder to exploit, as the conditions have to be just right. We saw new research into uninitialized variable attacks in the past two years, yet they remain non-existent on our mailing lists. Are they not being found? Or are they just very hard to exploit?
So what's the point of this blog post? A question for you. What is the future of vulnerability research? Where are we headed in terms of exploitation techniques? Are there any more undiscovered bug classes?
My answers to these questions: The future of vulnerability research is this. Bugs will continue to become more and more obscure and gain more and more monetary value as time goes on. Exploitation techniques are going to get trickier in order to defeat now-mainstream memory protection techniques. There are undiscovered bug classes, in my opinion, and when I find one, I'll let you know!