The popular social news site Reddit was breached with an XSS exploit. Of course, the article does not indicate what, if any, protection methods Reddit was using to prevent this most popular of web site exploits. I wonder how they would do if an auditor showed up tomorrow using CSIS's Twenty Critical Cyber Security Controls (I previously posted) as a reference.