New browser plug-in technology needs to be very secure, maybe even more secure than already existing solutions. The question is whether there's something to be learned from the mistakes and weaknesses of similar technology. Does Silverlight deserve to be called "Silverstrong" because of its security? The second part of the talk will be a step-by-step analysis comparing the security of Silverlight and Flash. Similarities and differences such as security sandboxes, requests and sockets handling, cross-domain policies, and persistent storage will be discussed, including attack scenarios.