It's time to kill Flash, says Facebook's new security chief
Adobe's long-time favorite plugin is no longer welcome on the web, says Facebook's new chief security officer.
In tweets posted over the weekend, Alex Stamos, who joined the social networking giant from Yahoo last week, said the popular web plugin used for videos and games had to go.
"It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day," he said in one tweet. He followed up in another tweet, adding: "Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once."
Stamos isn't the first person to call for the plugin's end-of-life, nor will he be the last. The plugin has been a cornerstone of modern Web use since its inception almost 20 years ago, and has been installed on more than 500 million devices to date.
But in recent years the plugin has suffered with a spate of vulnerabilities, allowing hackers to infiltrate systems, networks, and companies using exploit tools. Just last week amid the Hacking Team breach that led to more than 400GB worth of the company's data leaking, two zero-day flaws were actively targeting the software in order to carry out surveillance.
Almost every week, a new flaw is found and patched by Adobe, which bought the plugin's maker in 2005. And in some cases, it's been the basis for advanced persistent threats targeting major vertical industries.
Stamos isn't saying the plugin should be killed overnight. Facebook has helped to make famous some of the world's biggest gaming companies thanks to the Flash platform, such as Zynga.
There are a number of alternatives to Flash, like HTML5, which many are adopting. But it's clear by looking at the threat landscape that the harm caused by some Flash exploits significantly outweighs the platform's benefits, and have done for some time.