As far as attack surface goes, the comparison between Flash and HTML5 really isn't a comparison.
I'll take the HTML5 pain if it replaces the black box of paper thin glass that is Flash.

On Tue, Dec 4, 2012 at 2:08 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
>
> http://www.thesecuritypractice.com/the_security_practice/2012/11/in-defense-of-html5-1.html
>
> Many of the broad family of specifications commonly grouped under the
> “HTML5” umbrella are scheduled to be completed in 2013, and with the
> release of Internet Explorer 10, the users of every major web browser
> flavor can enjoy rich Web apps written on the open web platform, with
> no need for plugins.
>
> Lots of people are excited about HTML5, but one group I don’t see as
> particularly excited are security experts, or perhaps they’re only
> excited in a rather cynical fashion. Full employment! Browser
> botnets! A lifetime of conference talks! And the malediction against
> HTML5 isn’t just coming from folks with a product to sell or a slide
> deck to submit – HTML5 has become a common boogeyman representing
> out-of-control complexity and vast attack surface for some of the very
> best analysts and researchers in the field. So, although developers
> are racing to embrace it, CISOs, CIOs and enterprise
> security decision makers as a group seem wary.
>
> Frankly this puzzles and distresses me, because from my perspective,
> HTML5 is a key part – perhaps the most important part – in one of the
> greatest security success stories in the history of computing. The
> story of the web browser over the last decade is the story of
> something completely unprecedented – a tremendous increase in
> functionality and use that happened side-by-side with a tremendous
> decrease in vulnerability and attack surface. Don’t believe me?
> Let’s go back a decade…
>
> ...
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.