In an industry where security companies have gotten rich enough to practice what they preach, you'd expect them to be setting the example when it comes to secure coding practices. It's the age old story about the cobbler's kids wearing crappy shoes.
You would expect security companies to hire coders that have at least a basic knowledge to do their jobs securely. How is it that so many such company websites would be afflicted with something as blatant as Cross-Site Scripting flaws? What makes this worse is that some of these companies offer secure web hosting, and post bulletins about other company's security issues! Someone isn't doing their homework.
Some of the companies that should know better: Symantec, Eset, and Panda.
No comments:
Post a Comment