This story is something IT departments should take to heart:

According to a report issued yesterday by WhiteHat Security, nine out of 10 Websites still have at least one vulnerability that attackers could exploit. On average, there are about seven flaws on each site studied” (¶ 2).

I have to wonder though if it is due to time-constrained employees, or the fact that technology is moving so fast that it is hard for the normal employee to keep up with work as well as learning about the new threats.

Cross-site scripting (XSS) is still the top category of vulnerabilities, appearing in approximately 70 percent of Websites, WhiteHat says. But the researchers are predicting that cross-site request forgery (CSRF) will eventually take the No. 2 spot behind XSS” (¶ 4).

This is why I absolutely NEVER use Internet Explorer and I have NoScript installed on every version of my Firefox browser. I’ve run across normal e-commerce sites that NoScript blocked. Whether the XSS script was there on purpose or the site had been hacked I never tried to find out, I just left the site.

— Wilson, T. (2008, March 25). 90% of Sites Still Vulnerable. Dark Reading.