Friday, June 27, 2008

XSS: it's a feature, not a bug?

Thomas H. Ptacek pointed out this thread over at 37signals, begging the question "which of the 37 signals is the one for FAIL?".

Leaving your products open to abuse and exposing your users to attack is not being a good net citizen. I am not one of those people who detests the Web 2.0 world; I actively embrace it. I just think fundamental security awareness and responsiveness need to be a part of the system. And maybe have some concern and respect for your customers.

These posts at the Matasano blog dig deeper into the underlying issues:

http://www.matasano.com/log/1078/how-to-hidehhhandle-security-problems-in-your-products/

http://www.matasano.com/log/1067/web-20-redux/


Jack