Write a small bit more about Java/Flash performance. Needs more.

Author: jacobmischka

src/thesis.bib

@@ -343,3 +343,18 @@ @article{RustBeltRelaxed
 	keywords = {semantic soundness, relaxed memory models, Rust, Iris}
 }
 
+@online{Pwn2OwnMillerInterview,
+	title = {Pwn2Own 2010: interview with Charlie Miller},
+	author = {Matteo Campofiorito},
+	year = {2010},
+	date = {2010-03-01},
+	url = {https://web.archive.org/web/20110424022058/http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/},
+	urldate = {2020-07-13}
+}
+
+@online{CISASecuringWebBrowser,
+	title = {Securing Your Web Browser},
+	author = {United States Cybersecurity \& Infrastructure Security Agency},
+	url = {https://us-cert.cisa.gov/publications/securing-your-web-browser},
+	urldate = {2020-07-13}
+}

src/thesis.tex

@@ -253,7 +253,16 @@ \section{Past experiments}
 high performance and security.
 While Java applets could offer high performance, their reliance on the JRE on
 the host system has both performance and security implications.
-% TODO
+Flash, on the other hand, suffers from poor performance as well as introduces
+a greater security risk.
+% TODO: Reference some performance studies
+In both cases, integrating with another piece of software introduces new
+potential vectors for attackers to exploit---the larger the attack surface
+creates more opportunities for software bugs to result in security
+vulnerabilities.
+% TODO: Link some vulnerabilities
+Security researchers\cite{Pwn2OwnMillerInterview} and the \citeauthor{CISASecuringWebBrowser}\cite{CISASecuringWebBrowser} suggest
+disabling such plugins in order to increase security.
 
 Steve Jobs, CEO of Apple and the primary inventor of the iPhone, listed many of
 the above reasons for his refusal to provide support for Flash on iPhone