So, I see this argument being equivalent to saying websites shouldn't allow 3rd party ads because those ads can be used to drop malware. Websites shouldn't allow for iframes because a XSS could drop an iframe that drops ransomware via drive-by attack. In this regard, Microsoft should also be held responsible for allowing VB scripts to be linked in a Word document because those are also common methods of malware dissemination.
In a way yes. We must be designing software assuming that these vectors will be used to attack a system. As you correctly show, this isn't a problem limited to just Microsoft. It's a design issue that all projects face. We continue to use designs that do not adequately product our systems from attacks.
Websites allowing 3rd party ads is one particular thing that is a security/privacy issue. I mentioned this in another article of mine: mortoray.com/2017/05/02/fix-your-c...
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
So, I see this argument being equivalent to saying websites shouldn't allow 3rd party ads because those ads can be used to drop malware. Websites shouldn't allow for iframes because a XSS could drop an iframe that drops ransomware via drive-by attack. In this regard, Microsoft should also be held responsible for allowing VB scripts to be linked in a Word document because those are also common methods of malware dissemination.
Is that your line of thinking?
In a way yes. We must be designing software assuming that these vectors will be used to attack a system. As you correctly show, this isn't a problem limited to just Microsoft. It's a design issue that all projects face. We continue to use designs that do not adequately product our systems from attacks.
Websites allowing 3rd party ads is one particular thing that is a security/privacy issue. I mentioned this in another article of mine: mortoray.com/2017/05/02/fix-your-c...