15Seconds WebLog

if paid professional developers don't bother writing 2 versions of code that they are writing for their livelihood, I don't see scriptkiddies bothering to write a different version of the hack for each browser. The code would not have to be written only once, not sure why you say that.

I'm sorry. Let me clarify. Ten versions only once, not one version only once.

Paid pros now don't develop multiple versions because of the cost/benefits. If there were more browser parity, they probably would write multiple versions.

Are these pieces of malicious code so detailed and extensive that it would take much time to write multiple versions?

In OS-level exploits, the code probably wouldn't be that different between browsers, assuming the browser simply passes off the responsibility to the OS (see the current shell: exploit). For exploits that are due to the browser, then I would say that the code could be completely different from browser to browser, if it worked at all.

This is immediately demonstrated by the number of cross-browser exploits in the last year. How many are there? Anyone? Anyone?

Knowing that I would have to test and/or write code for 9 browsers at 10% marketshare each instead of for 1 browser with 90% marketshare makes the scriptkiddie exploits a lot less exciting.