Be careful of transitive trust

Apr 25, 2008

Nowadays, even well-known, seemingly legitimate Web sites are prone to inadvertently hosting code that redirects visitors to a malicious site.

“Gone are the days when you could tell your end-users not to visit ‘untrusted’ Web sites to minimize their exposure to malware,” Roger Grimes writes in Be careful with transitive trust.

Several recent studies have revealed that outsourcing development to third parties is responsible for the majority of Web site vulnerabilities of this sort, Grimes adds. “We’ve always known that contractors don’t have the same intense commitment to a company as the company’s own employees, and now we are seeing the results.”

For that reason, “you should strive to measure transitive trust in every extending operation you’re involved with.”