Apparently, ’tis the season to be jolly. But as we all know, it’s actually the most nauseatingly commercial time of the year and the season to be permanently hungover. As this is my second Christmas at IT Week, I am now officially a veteran pundit and so feel qualified to offer up some erroneous industry predictions for you to digest with your turkey over the festive period.

If it’s all right by you, I’ll eschew storage, network infrastructure and business intelligence this time and stick to something a little more racy; security and the web. Any of you who’ve read my IT Week blog recently will know I’ve been doing some digging around the potential vulnerabilities in web sites that rely heavily on user-generated content – that primary signifier of Web 2.0. While many IT managers have yet to make up their minds about Web 2.0’s business value, it seems boardrooms up and down the land are already convinced of the commercial benefits of blogs and podcasts. A survey by internet marketing specialist E-consultancy and digital agency cScape last month showed that more than half of firms are planning to introduce Web 2.0 innovations in 2007.

Admittedly, surveys make for good headlines and are often highly misleading, but it’s yet another sign of growing acceptance of the technologies behind the second coming of the web. This impression was reinforced last week by analyst firm Gartner, which released a report warning enterprises that they ignore Web 2.0 at their peril. Given the above, I don’t think I’m chancing my arm too much by predicting that a significant number of enterprises will be investing in some Web 2.0 project or other next year, whether on their intranet or customer-facing sites.

But now for the cautionary note. As reported in last week’s IT Week, researchers at several web security companies have warned that firms that allow staff to access sites such as YouTube and Wikipedia could be putting their systems at risk. This is because sites that rely on user-generated content could be vulnerable to pesky malware writers uploading exploits of various kinds. While these threats are mainly theoretical at the moment, they are likely to become very real as the popularity of said sites continues. So, here’s a top tip for 2007: think about tightening up your web usage policies and investing in better content-scanning technology.

Ajax – asynchronous java and XML – is another area highlighted as potentially dangerous. Yes, it is revolutionising the web user experience, but, as McAfee, Symantec and other security firms have pointed out, it can increase the possibility of cross-site scripting and other attacks. Not that it is an inherently flawed technology, it’s just open to the same bad-coding practices that afflict much of software development.

It’s not time to scratch Web 2.0 off your 2007 wish list just yet, though. There are certainly more positives than negatives to be had, as long as you remember to look before you leap.