A rather scary article: http://www.itworld.com/article/2936575/security/software-applications-have-on-average-24-vulnerabilities-inherited-from-buggy-components.html Does the current Fbox implementation use Java? Should we eliminate it as a matter of necessary security policy? If not, how can we deal with these issues? Are other things we use also high-risk? Javascript? Perl? Python? ...?