Fortify is calling on the IT security industry to make a consolidated attack on cross site scripting flaws before the problem becomes unmanageable
Fortify Software says that the issue of cross-site scripting flaws needs to be tackled by the Internet and IT security industry in particular, before it gets out of hand.
'A report out this week from security watchdog XSSed has identified no less than 30 cross-site scripting flaws across the sites of McAfee, Symantec and Verisign. The flaws are notable, as they can be used to engineer frauds and/or malware infections on site visitor's PCs,' said Rob Rachwald, Fortify's director of product marketing.
'They are also notable because they have been discovered on IT security vendor's sites, so there's a strong chance that similar flaws exist on many other company's portals,' he added.
According to Rachwald, the security industry has had a track record of playing down cross-site scripting flaws, but XSSed's report indicates that the problem needs addressing, and addressing quickly.
'Failure to address this problem in a timely manner could see a recurrence of major site hacks using XSS flaws seen on the likes of MySpace and Paypal,' he said.
