Hi! The security principle of minimizing your attack surface (Writing Secure Code, 2nd Ed.) is all about minimizing open sockets, rpc endpoints, named pipes etc. that facilitate network communication between applications. Web services and Service Oriented Architecture on the other hand are all about exposing functionality to offer interoperability. Have any of you had discussions on the seemingly obvious conflict between these things? I would be very happy to hear your conclusions and opinions!
Regards, John ____________________________ John Wilander, PhD student Computer and Information Sc. Linkoping University, Sweden http://www.ida.liu.se/~johwi _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php