funsec mailing list archives
In Defense of HTML5
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 4 Dec 2012 14:08:37 -0500
http://www.thesecuritypractice.com/the_security_practice/2012/11/in-defense-of-html5-1.html

Many of the broad family of specifications commonly grouped under the “HTML5” umbrella are scheduled to be completed in 2013, and with the release of Internet Explorer 10, the users of every major web browser flavor can enjoy rich Web apps written on the open web platform, with no need for plugins.

Lots of people are excited about HTML5, but one group I don’t see as particularly excited are security experts, or perhaps they’re only excited in a rather cynical fashion. Full employment! Browser botnets! A lifetime of conference talks! And the malediction against HTML5 isn’t just coming from folks with a product to sell or a slide deck to submit – HTML5 has become a common boogeyman representing out-of-control complexity and vast attack surface for some of the very best analysts and researchers in the field. So, although developers are racing to embrace it, CISOs, CIOs and enterprise security decision makers as a group seem wary.

Frankly this puzzles and distresses me, because from my perspective, HTML5 is a key part – perhaps the most important part – in one of the greatest security success stories in the history of computing. The story of the web browser over the last decade is the story of something completely unprecedented – a tremendous increase in functionality and use that happened side-by-side with a tremendous decrease in vulnerability and attack surface. Don’t believe me? Let’s go back a decade…

...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.