Brian Prince from eWeek included some of my comments on HTML5 risks in his article “Will HTML 5 and IPv6 Find Their Way into Malware Attacks in 2010?”
HTML5 is certainly exciting from a features and functionality standpoint – it offers a number of new capabilities for web application developers to create cool applications. However – as we saw with mainframe developers who started developing web applications and web application developers who started developing AJAX applications – a lack of understanding about how new technologies work can lead to problems. Just because you can do something doesn’t mean you should do something. HTML5 offers a number of new capabilities that web application developers need to take a little bit of time to understand before they actually deploy applications using them. Threat modeling is invaluable for developers who want to develop applications in a secure manner with new and exciting technologies.
Please contact us if you would like to discuss steps you can take for your organization to deploy cutting-edge technologies in a secure manner.
-Dan
dan _at_ denimgroup.com