I'm starting to wonder if social networking sites (@facebook, @Twitter) and search sites (@Google) of today are similar to web browser engines around 2003 (?) or so, around when use-after-free had just been demonstrated to be a reliable security exploit.

Around this time, I think Microsoft stopped feature development for an extended period of time and focus on software security across Windows and Internet Explorer. This made a big difference to security. (It may have had interesting effects on the progress of Web technology.)

Are @facebook and @Twitter and @Google now looking at gaming of their algorithms as a security vulnerability the way we in the browser world now look at things that could give sites the ability to execute arbitrary code on a user's computer?

And to be clear: norms in the browser engine world are moving towards multiple layers of protection: writing code in safer languages, aggressively fixing even potential vulnerabilities, tools for software auditing, sandboxing that prevents many APIs from being called, etc.

I'm not entirely sure what the equivalents would be in search and recommendation algorithms. I'm not an expert in those fields. But I think if the best minds in those fields see it as a problem to be solved, there will be serious movement towards solutions.

Sure. But I also think that concrete definition is substantively different from what it was in 2000, both in including more types of low level techniques and in including attacks that depends on the user's interaction with the interface.

Yeah, it's certainly a different threat to the business: regulation rather than customer dissatisfaction.