Flash gets a lot of bad press as a risky technology, but Mike Bailey, a senior security analyst with Foreground Security, says that a big part of the problem is programming errors.
“The issues that I’m discussing can be prevented by Web site owners by being very careful about the Flash content they host and the way they configure and design Flash objects,” Bailey said. “All of these issues can be prevented at various stages. Potentially they could be prevented by Adobe, but that would limit functionality.”
For example, Bailey said that developers could prevent many XSS attacks if they better understood Flash and were more vigilant about sanitizing inputs.