.jpg)
Alan Pelz-Sharpe is one of the sharpest industry analysts in the ECM space. Analyst firms manage a lot of their own content. I am curious when he will blog on what cmswatch.com uses for their ECM platform. Maybe he could provide insight into how analyst firms think about ECM for their own use?I ran across a coworker who mentioned that their kid attends Premier Martial Arts and was curious if this is a real martial arts program or a McDojo?I was thinking about a message I saw on the OWASP chapter leaders list regarding working with software vendors to help make application security visible and was curious to know what is the best way to work with folks from Sun and the Ruby community on deprecating insecure servlet APIs and providing more secure replacements without running into the repeat-after-me I would rather have insecure web applications than to break backward compatibility.The Identity and Privacy side of the house of Burton Group has wonderful interoperability events where they have investigated SAML, XACML and OpenID. I wonder if Anne Thomas-Manes and Dan Blum would be game to start a similiar event focusing on static analysis tools where they would have Ounce Labs, Fortify Software, Coverity, Klocwork, etc all scan and show results publicly of three different applications chosen by analysts?It's 2009 and James Governor of Redmonk hasn't blogged on any published papers in the security space. The COA work several years ago was brilliant and I hope that he knows that the masses are screaming for round two.In my homework of federated identity, I haven't ran across any customers of either Sun nor PingIdentity that have customers in the P&C insurance vertical. I wonder what they are doing to talk about identity federation in a vertical context?The blogosphere has been somewhat quiet on the value proposition of CARML and AAPML. Other than bloggers from Oracle, no one else seems to care? I would think the identity crowd and the likes of Jeff Bohren, Ian Glazer, Mark Diodati, Gerry Gebel, Pat Patterson and others would have some opinion on it by now.Awhile back, I said publicly that Ruby on Rails is not enterprise ready. This statement still holds true in 2009. The key change though is that I will expend some effort to invalidate my own beliefs.I've noticed an interesting behavior that I find somewhat frustrating. Many folks would love to know my opinions on Barack Obama but are afraid to ask. Political correctness blows. Who cares about offending someone as it is more evil to allow others to remain ignorant and remove their opportunity to gain new insights.Robert McIlree runs the Carnival of Enterprise Architecture which sums it up. He has a way of promoting finely buffed circus oriented architectures.I am glad that James Robertson has found something better to do than to provide commentary on why I am wrong regarding Smalltalk being a dying language. Hopefully, he spent some time looking at market trends.Log management platforms such as Splunk, Logarythm, LogLogic, etc are all the rave in the world of PCI, however another conversation needs to occur where we talk about the insecurity of logs generated by shared platforms. For example, if Credit Suisse, Goldman Sachs and Monsanto all use the same SaaS vendor who writes one big log file with all the users intermixed, then how do these platforms allow for monitoring without causing leaks
# posted by James McGovern @ 6:30 AM
