Zero Steps Forward

I was thinking about the history and future of infosec this weekend, and became particularly morose. I approached it from this angle:

Thinking about this, I asked myself: OK, that's pretty damning. But I'm sure there are problems that have been solved in this time, like...

I've been trying to think of a class of security problem that's been effectively mitigated out of relevance, and I can't think of one. Not a single one.

I used to think "telnet and rsh/rcp" was one, but between a couple of banks I've visited and... umm... new environments I've gotten to know pretty well, I feel I can safely say that cleartext network traffic is still a problem.

We can't even expect software vendors to keep their code fixed once a vulnerability has been found and patched. Windows re-introduced the LAND attack in XP, for both IPv4 and IPv6. Solaris magically re-introduced the -froot vuln. My theory on this is that the people who wrote the fixes have retired or otherwise moved on, leaving people without the experience to rewrite the code.

So, here's the fundamental question. Am I missing a class of vulnerability that's been effectively addressed? Just one?