Monday, October 06, 2008
Links for 2008-10-06
I am waiting for someone to start the movement towards open source NDAs. This feels like something James Governor of Redmonk would champion.
The parallels between the financial crisis the US currently finds itself in and the state of information security are uncanny...
Mark Wilcox mentions XACML, something that I am a big fan of, yet he doesn't comment on whether Oracle will be teaching others how to write better code. Microsoft organizes developer days and Oracle doesn't have the equivalent. The reason why this is important is that many product managers have no clue regarding how to build XACML support into their applications. For example, have you ever heard Craig Randall talk about it being incorporated into Documentum, Jon Newton in Alfresco or Phil Gilbert in Lombardi? Even the vendors that are aware of XACML are still wrongfully stating that we customers haven't asked for it yet. I wonder if friendly neighborhood industry analysts will uncover the XACML conspiracy.
Laurence Hart comments on EMC behavior and notes that Craig Randall issued a press release from his blog, which isn't much of a surprise. Laurence also notes that EMC should release an implementation. I would expand his bullets to include giving an advance copy to OWASP such that security professionals can find vulnerabilities prior to it being put into production by their customers. We know that Craig Randall is most certainly capable of creating fugly WSDL and I may be able to guide him towards something that doesn't repeat DFS mistakes.
I am thinking about presenting at this event on SOA Security. Wouldn't it be cool if there were lots of OWASP-style security discussions at this event?
How crazy do you have to be to leave even the Democrat Party behind for wackier pastures?
Do the vast majority of CISSPs and their lack of software development background become an impediment to making the enterprise truly secure?