Good stuff, you (and your co-authors) are right: SOA and Web Services are properly viewed as opportunities for security improvements, not security nightmares.
Also, I have a paper here (http://www.arctecgroup.net/ISB1009GP.pdf) on Service Oriented Security (SOS) Architecture

-gp

Quoting Gary McGraw <[EMAIL PROTECTED]>:

> Hi all,
>
> I'm sure by now everyone has heard at least one marketing person say SOA
> in some capacity. Such it is with buzzwords. Looks like we're still
> climbing the hype curve with this one too. The one great opportunity
> with SOA (or Service Oriented Architecture for those allergic to
> acronyms) is that during a rearchitecting exercise, software security
> can play a critical role. Avoid flaws when rearchitecting by applying
> the architectural risk analysis touchpoint!
>
> IEEE Security & Privacy magazine published an article that Jeremy, Scott
> Matsumoto, and I wrote about SOA security. You can get it here:
> http://www.cigital.com/papers/download/bsi12-soa.doc.pdf
>
> Please consider subscribing to IEEE S&P. It's a great magazine and a
> bargain at only $29 (no IEEE membership required). See
> http://www.computer.org/security/bsisub for more.
>
> gem
> www.swsec.com
>
> p.s. I recently updated my home page after, oh, three or four years...
> www.cigital.com/~gem
>
> _______________________________________________
> Secure Coding mailing list (SC-L)
> SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php