Today's most prevalent and widely discussed attacks exploit code-level flaws such as buffer overruns and type-invalid input. Now we should turn to tomorrow's attacks, and think beyond buffer overruns, beyond code-level bugs, and beyond the horizon. This article is a call to arms to the research community to look toward the future. The author outlines a few suggestions for important research directions: software design, usability, and privacy. He argues that if we can make any progress on the first two, we could make a strong impact. He highlights the third topic because he thinks it deserves more attention from the scientific and technical communities, to complement the attention it already receives from the policy and legal communities. Because of the author's background in software engineering, he elaborates more on the first research direction than the other two, but believes all three deserve equal attention.