To view the full article in its entirety, please visit eWeek: Rich Internet Applications: The Next Frontier of Corporate Development

The next frontier of corporate development may well be Rich Internet Applications. RIAs are Internet applications which do not necessarily run in the browser and are free of user-interface limitations of that environment. Corporate development went head first into conventional Internet application development before the enormous security implications of that platform were clear. What about RIAs? Is the security picture any better for these platforms?

There are quite a few RIA platforms, but only three of any fame: Adobe's AIR, Microsoft's Silverlight and Oracle's JavaFX. You could make the case that Adobe Flash and Oracle's Java more generally are RIA platforms, but these three are the products marketed for standalone RIA development. AIR is based on the Flash platform and open-source Webkit browser, Silverlight on the .NET framework and JavaFX on Java.

AIR and JavaFX are just a few years old. You can make the case that Java has provided RIAs since 1994. The main innovation in JavaFX is a simpler scripting language. Out-of-browser apps are new to Silverlight 4. Each brings with it many, if not all, security issues of their base platforms.

After examining the products and documentation, it's clear that Adobe has put the most work into security and the documentation of secure practices for administrators and developers. This may be counter-intuitive, as their reputation for security is not a good one lately, and their products are the most-common target out there for attack. But Adobe has adopted several measures in the last year or two to improve the security of their products (most prominently Reader) and these have made a difference. If you are careful and conscientious about your AIR/Flash and application deployments, then you can feel secure about them.