The security principle of minimizing your attack surface (Writing Secure 
Code, 2nd Ed.) is all about minimizing open sockets, rpc endpoints, 
named pipes etc. that facilitate network communication between 
applications. Web services and Service Oriented Architecture on the 
other hand are all about exposing functionality to offer interoperability.
    Have any of you had discussions on the seemingly obvious conflict 
between these things? I would be very happy to hear your conclusions and 

    Regards, John

John Wilander, PhD student
Computer and Information Sc.
Linkoping University, Sweden
Secure Coding mailing list (SC-L)
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php

Reply via email to