koto
Neil MatatallI might be a little late to the party, but these XSS stats from Google are wild.
Also: "we have seen zero XSS vulnerabilities since the features were enforced"
https://bughunters.google.com/blog/5896512897417216/a-recipe-for-scaling-security
Blog: A Recipe for Scaling Security
There are vastly more engineers at Google dedicated to creating and maintaining new products than there are security engineers working to secure products. For this reason, Google security has to focus on operating at scale and find ways to make meaningful security improvements across Google’s vast portfolio of services. Curious? See this blog post for details!