Comment Secure HTM (Score 1) 205
The major source of security issues is the bloated, complex software that we use. So as a first step how about a new standard "Secure HTML". It would look a lot like HTML 4.0 but with many things removed. Of course no JavaScript, IFrames or CSS. Very simple formatting. Content on a page would need to come form the same domain (no request forging). Links of page would always show the off page address, in plain ASCII. Etc.
Just enough to provide functional web pages without glitz. The goal being to make the entire browser code no bigger than the original Mosaic code. So that it can be thoroughly reviewed and made really bug free.
Normal users would not touch it. But for anyone with access to a SCADA system, for example, it could be mandatory. That cuts down one major source of infection.