I am trying to put a business case together for the deployment of Silverlight within a corporate SEO.

One aspect I am looking at is security. I know Flash has a terrible history of exploits, but what about Silverlight? Have there even been any Silverlight exploits that allow execution of foreign code?

Anyone know where I can get some info or preferably some statistics on this?

+1  A: 

A common source of stats is Secunia. Here are their lists of vulns for Flash 9 and Flash 10. I wouldn't say ‘terrible’... I mean, it's bad, but not as bad as Real and QuickTime — media player plugins really are a disaster.

Comparing vulnerabilities by sheer number is of doubtful utility — and prone to all sorts of publicity-seeking massaging — but reading through the descriptions should give you a good idea of the sort of problems you can expect to meet more of.

Have there even been any Silverlight exploits that allow execution of foreign code?

Secunia don't have any Silverlight vulns listed, and I haven't heard of any either. But since Silverlight leverages the .NET framework, some of the vulnerabilities of that product (v1, v2, v3) might be accessible to Silverlight apps. This, again, makes comparing numbers even more difficult.

There's not a lot of experience with how Silverlight affects security yet as it is not very widely deployed. It remains to be seen how it will fare both in terms of raw vulns, and prevalence of real-world exploit sites.

In general I would try to keep down the number of plugins to a bare minimum (personally I only have Flash installed, and that using FlashBlock to keep it from untrusted sites), and leave Silverlight alone until there is a specific business-relevant application that needs it. On the plus side, keeping .NET/Silverlight updated shouldn't be an issue as it will fit in with MS's usual update channels.

bobince