[ax0n]

Up next: New attack bypasses Firefox security technology, security researcher claims.

I do infosec for a living. I can say with 100% certainty that the good guys are in a constant state of playing catch-up with the bad guys. The only thing we can hope for is to minimize the amount of time that serious vulnerabilities remain exposed, in hopes that it's fixed before someone creates yet another point-and-crack tool for the skiddies.

[tptacek]

Without saying why CSP is particularly susceptable to cat-and-mouse attacks, this comment doesn't have a lot of content. Do you have more thoughts to share about it?

[ax0n]

Some big problems: It requires people to use firefox or for other vendors to adopt CSP, and it only works for sites that integrate it. Until it comes under attack, it's hard to say whether or not it'll fall victim to the cat-and-mouse thing or simply fail to gain traction. I haven't seen CSP in action, so my comment was tongue-in-cheek.