How will the global application authentication database be updated when any of the following happens? There are a couple of options: an OS puts out a new patch; a software vendor auto-updates its application; a new in-house application gets pushed out; a user builds their own macro. Regardless of the update method, though, a comprehensive, responsive global file signature repository is a step in the right direction.
Some vendors are working on another angle at the same time — forcing developers to set least-privilege permissions on their applications. Right now, an application is installed by the network administrators, who, in turn, basically have to take their best guess at which users need what rights and permissions. The administrator is lucky if the vendor tells them what permissions are needed, but many developers seem to think giving full admin rights to all end-users is the easy-out solution.
In the near future, developers will hard-code the necessary permissions and privileges into the application. The developer will create role-based groups that have least-privilege permissions pre-assigned; when the network administrator installs the application, they can ask the business owners which network users belong in which role-based groups. When the users are added to the role-based groups, the appropriate permissions necessary to carry out their particular function are automatically assigned. No more guessing.
Application validation is a pretty big requirement of any secure ecosystem. Once you have that solved, a whole lot of the other pieces fall into place more easily.
Read more about applications in InfoWorld's Applications Channel.