The start-up, FHTML, announced software Monday at the TechCrunch50 conference that's intended to give HTML-style programmers the ability to use Flash features.

FluidHTML's language is an extension of HTML, the company said. "We borrow a lot of the really good ideas from HTML, because why wouldn't we?" said Chief Executive Michael Collette at the conference.

The approach holds some promise--but it also poses some risks. It may be complicated trying to get HTML and Flash programmers to work together, but at least those are established disciplines. FluidHTML requires a language known by neither set of coders right now, and the technology is supported just by a start-up still seeking its own programming staff and $1 million to $2 million in venture funding.

HTML, the traditional language of the Web, got its start showing just text and images with basic layouts. The second, begun by Macromedia and now led by Adobe Systems, is better suited for animations and flashy graphics, video, and increasingly, applications as well.

But a different set of programming skills are required to build Flash-powered sites or applications, so it doesn't always coexist easily on the same Web site. Programming is getting even more complicated as Flash converges with HTML and its companion, JavaScript.

FluidHTML relies on a Flash software module that programmers can embed in their Web pages. It interprets the HTML-esque code to supply Flash features such as vector graphics, sound, and video.

"The markup language supports very powerful commands (tags) and can do remarkable things that take enormous development effort in Flash," the company said. "FluidHTML RIAs (rich Internet applications) can be developed by less expensive programmers and require fewer man-hours to build than Flash."

Organizations are finding it difficult to prioritize defense strategies against cyberattacks because most of them do not have an Internet-wide view of the attacks, according to a report from SANS Institute, the security training organization.

As a result, two security risks--Web applications and phishing--carry the greatest potential for damage, even though users instead tend to concentrate on less-critical risks.

The report, published by security training organization SANS Institute, amalgamates global data from security attacks on computers from March to August.

It identifies two main defense priorities for enterprise users. The first is targeted e-mail attacks, or spear phishing, that exploit client-side vulnerabilities in programs such as Adobe Systems' PDF Reader and Flash, Apple's QuickTime, and Microsoft's Office. These applications are described as the "primary initial infection vector used to compromise computers that have Internet access" and are the result of attackers taking advantage of "programming errors that are not being picked up by common vulnerability scanners."

The second priority is vulnerable sites. More than 60 percent of attacks are against Web applications and "convert trusted Web sites into malicious Web sites serving content that contains client-side exploits" by exploiting the most common vulnerabilities such as SQL injection and cross-site scripting flaws, in both open-source and custom-built applications. Such vulnerabilities make up more than 80 percent of attack opportunities.

A further finding is that applications are now more vulnerable and see more exploitation attacks than operating systems. There were no new major operating system worms seen in the wild during the reporting period.

Additionally, the report found there has been a "significant increase" over the past three years in the number of people discovering zero-day vulnerabilities: flaws that become known to attackers before they are discovered by security researchers, opening the chance of an attack against which no preparation has been made.

"This report is different from anything we have done before," a SANS spokesman said, "because it reflects massive amounts of data on the actual attacks (millions of them) and on the speed with which the underlying vulnerabilities are being patched (actual data from thousands of companies)."

The report sources includes attack data from 6,000 organizations, compiled by security hardware vendor TippingPoint, vulnerability data from 9 million computers compiled by security software vendor Qualys, and additional analysis and tutorial by the Internet Storm Center and SANS faculty members.

The new feature shows you pretty Silverlight-powered fly-in thumbnail images for only 50 specific search results (it will be expanded in the future), such as "Digital cameras," "New cars," "MLB players," and "Top songs." As you refine a query from one of the 50 visual searches available, thumbnails that don't match your query anymore fly off screen, and the rest reshuffle to fill in the blank spaces.

In a demo (download it here; no audio), the feature looks fantastic, and search results link to other nicely functioning Bing search results pages and widgets, like shopping pages and sports player stats boxes.

Bing Visual Search loads up a page with visual thumbnails of what you're looking for. This example shows yoga poses.

The Visual Search feature showcases the real value of having a search engine that blends structured data into its results. Google has structured data, too. (Try searching for the title of a movie that's currently playing in theaters). But Bing pushes it further. In travel, sports, and product reviews, for example, Bing is extremely aggressive in displaying structured data. Bing also has Powerset technology (it acquired the company in 2008) for analyzing Wikipedia content.

But as with Wolfram Alpha, Bing's visual and textual filters don't work for the offbeat and weird, for a query that's not phrased just right to be picked up by the structured query engine, or for what people might consider ordinary little searches. Type in a less mainstream query, and you're skimming a sea of indexed text from Web pages, not structured data. Bing is still a good general-purpose search engine, mind you, but it does not beat Google as the king of the long tail.

Still, it makes business sense to pour resources into popular searches. Optimizing for the short snout pays. That's the model that made About.com worth $410 million to The New York Times in 2005. And that's what entrepreneur and TechCrunch50 co-host Jason Calacanis is aiming for with his curated directory, Mahalo.

I'd wager that this is how Bing is making its gains in market share. Latest Nielsen data says Bing gained 22 percent month-over-month in August, taking it to 10.7 percent of all U.S. searches. People probably try Bing for a travel or product search (where there's also a cash-back financial kicker) and remember their good experience, and then they try it for more obscure searches and find it good enough. It highlights, I believe, an important flaw in Google's historic strategy of indexing the entire Web equally well and making the user interface fast and consistent above all, as opposed to specializing as dictated by the query.