CIOs have gotten a reputation -- rightly or wrongly -- for dragging their feet when it comes to Web 2.0 initiatives like social networks and application mash-ups. The reason: security. Now it appears they may have been justified.According to a news story by my colleague Tom Claburn, many legitimate sites are increasingly rife with malware:

Seventy-five percent of Web sites with malicious code are legitimate Web sites that have been hacked, according to a new security report issued by Websense that covers the first two quarters of 2008. This represents a 50% increase over the previous six-month period.

A lot of this has to do with the rise in Web 2.0 technology. Ninety of the 100 most-visited sites on the Web are either social networking or search sites, according to Websense, and 60% of those "either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites."

Social networks like Facebook and MySpace always have been seen as a potential sieve for confidential corporate information. That's why many companies seeking to exploit that collaboration technology for marketing or communication purposes have set up their own internal social networks. Whether to allow employees access to those outside social networks from the corporate network is an ongoing debate.

Application mash-ups are another thing. According to Websense, free online tools from Google and others host a panoply of malicious content. Fearing that, many CIOs have been trying to hold back the widespread use of those tools by line-of-business managers and savvy users, particularly in vertical industries where confidential data might be exposed, such as the financial services industry. However, those CIOs often are characterized as fearing loss of control more than security lapses. Here's a blog I wrote on that subject.

Does this new security data from Websense mean CIOs have been right all along?