by Eridrus 3292 days ago
So, I acknowledge there are breaches which started with XSS (Atlassian, etc.), but even when you look at breaches that started with "client-side web bugs", how many of those are CSRF rather than XSS? Probably only a fraction, since they're shittier bugs.

And then, from the pool of "client-side web bugs", how many involve browser bugs?

This is just such a tail risk that it's hard to make myself care.