Friday, July 18, 2008
How come Enterprise Architects are clueless about security?
Have you noticed that pretty much all of the conversations on SOA talk about products, governance and other considerations but conveniently ignore security? As a member of both the SOA Consortium and OWASP I tend to see both perspectives but have been struggling to enable conversations at an industry level on these topics.
Industry Analyst Brenda Michelson of Elemental Linksand I have been discussing how we can wire these two conversations together. There are lots of enterprisey types that understand SOA. The challenge is in finding those who are security literate who work directly with these same enterprises. In searching my own network, I can only find consultants and software vendor types.
If you happen to know anyone that can talk deeply about SOA security, I would like to wire them into the SOA consortium conversation...