Hacker News new | past | comments | ask | show | jobs | submit login

Partly yes. They certainly have a professional responsibility to write applications that resist well known attacks, such as directory traversal, xss, sqli, etc.

This isn't new, and not knowing how to deal with it is like a builder not knowing how to safely stand up a wall.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact