The threat is significant because it stems from fundamental characteristics of software-as-a-service applications that have been in vogue for about a decade.
Purdy scary stuff...

Effective and efficient mitigations have to be application-specific: developers will need to identify the vulnerabilities first, and then specify mitigation policies accordingly," the researchers wrote. "This effort requires analysis of web application semantics, information flow and network traffic patterns."
Patterns...I love patterns



MLF