I work at oneforty.com, and we have seen the problem first hand. Lots of “people” have submitted spam-like reviews of Twitter apps along these lines:
1) The review contains nothing except a link to the author's web site.
2) “If you like this app you will love <some other app/url>”
3) “Get cheap viagra cialis here”, etc.

Some of these — notably #2 — are difficult to detect. Nothing seems to catch them. But what is frustrating is that our tests with Akismet and TypePad almost always fail with #1, and usually fail with #3! In fact the comment “cheap viagra http://cheapviagra.com“ did not get caught by Akismet in our tests (interestingly, it did work when we omitted the URL). We have a home-brewed solution that helps with #1 and #3, but it's not perfect. And more importantly, we want to spend our time building our web site, not anti-spam tools.

There's a final category that we have to deal with, which we call “crap content.” This consists of the useless and unhelpful submissions we receive that don't quite fall under the “spam” umbrella. For instance, we have received hundreds of reviews that consist of a single word: “wow!!!”, “nice”, “hi”, “whoa”. Even more along the lines of “cool app” or “I like it.” Even if this is not spam by definition, it reflects very poorly on us if a user comes to our site and this is what he or she sees in the reviews section.

So if the security industry is experiencing a Pax Romana of sorts, perhaps they could lend their talents to this area. If they build it, we'll gladly buy it.

I work at oneforty.com, and we have seen the problem first hand. Lots of “people” have submitted spam-like reviews of Twitter apps along these lines:
1) The review contains nothing except a link to the author's web site.
2) “If you like this app you will love <some other app/url>”
3) “Get cheap viagra cialis here”, etc.

Some of these — notably #2 — are difficult to detect. Nothing seems to catch them. But what is frustrating is that our tests with Akismet and TypePad almost always fail with #1, and usually fail with #3! In fact the comment “cheap viagra http://cheapviagra.com“ did not get caught by Akismet in our tests (interestingly, it did work when we omitted the URL). We have a home-brewed solution that helps with #1 and #3, but it's not perfect. And more importantly, we want to spend our time building our web site, not anti-spam tools.

There's a final category that we have to deal with, which we call “crap content.” This consists of the useless and unhelpful submissions we receive that don't quite fall under the “spam” umbrella. For instance, we have received hundreds of reviews that consist of a single word: “wow!!!”, “nice”, “hi”, “whoa”. Even more along the lines of “cool app” or “I like it.” Even if this is not spam by definition, it reflects very poorly on us if a user comes to our site and this is what he or she sees in the reviews section.

So if the security industry is experiencing a Pax Romana of sorts, perhaps they could lend their talents to this area. If they build it, we'll gladly buy it.

I have experienced this first hand. There was a long period of time at
stocktwits where I was dedicated 50% of my day to spam.

For example, the “single site rule” was created to plug cross-domain scripting attacks, but developers are actively trying to find ways around it so as to make their applications be able to dialog with multiple data sources.

I would also think richer AJAX web apps replacing the need for downloads helps a lot since the browser has a pretty good security model (certainly much better than Windows).

One thing I think you could argue is that security threats have moved higher “up the stack” along with most other interesting innovation on the web. Instead of the threat being people breaking into your computer, it's more about the online pharmacy site not being legitimate. That was part of the thesis of SiteAdvisor and I think the trend has only gotten greater.