Hi, Jeff Hodges and Andy Steingruebl here.
We gave a "status and outlook" talk on the topic of "Web (In)Security: Remediation Efforts" at a major security conference in February.
The thrust of the talk is that currently "the Web" has some issues, and:
- there has been work going on in various fashions to address aspects of this, though it is unfortunately fairly uncoordinated,
- as a result, there are some "knobs and buttons" you as a web application operator can use today to alleviate some of the issues (and here's how),
- there are various high-priority issues that are being addressed in various fora, notably the IETF and the W3C, and you can/should participate.