Re: [SC-L] BSI: SOA what?

2006-02-23 Thread Gunnar Peterson
Good stuff, you (and your co-authors) are right: SOA and Web Services are
properly viewed as opportunities for security improvements, not security
nightmares.

Also, I have a paper here (http://www.arctecgroup.net/ISB1009GP.pdf) on Service
Oriented Security (SOS) Architecture.

-gp

Quoting Gary McGraw <[EMAIL PROTECTED]>:

> Hi all,
>
> I'm sure by now everyone has heard at least one marketing person say SOA
> in some capacity.  Such it is with buzzwords.  Looks like we're still
> climbing the hype curve with this one too.  The one great opportunity
> with SOA (or Service Oriented Architecture for those allergic to
> acronyms) is that during a rearchitecting exercise, software security
> can play a critical role.  Avoid flaws when rearchitecting by applying
> the architectural risk analysis touchpoint!
>
> IEEE Security & Privacy magazine published an article that Jeremy, Scott
> Matsumoto, and I wrote about SOA security.  You can get it here:
> http://www.cigital.com/papers/download/bsi12-soa.doc.pdf
>
> Please consider subscribing to IEEE S&P.  It's a great magazine and a
> bargain at only $29 (no IEEE membership required).  See
> http://www.computer.org/security/bsisub for more.
>
> gem
> www.swsec.com
>
> p.s. I recently updated my home page after, oh, three or four years...
> www.cigital.com/~gem
>
>
> 
> This electronic message transmission contains information that may be
> confidential or privileged.  The information contained herein is intended
> solely for the recipient and use by any other party is not authorized.  If
> you are not the intended recipient (or otherwise authorized to receive this
> message by the intended recipient), any disclosure, copying, distribution or
> use of the contents of the information is prohibited.  If you have received
> this electronic message transmission in error, please contact the sender by
> reply email and delete all copies of this message.  Cigital, Inc. accepts no
> responsibility for any loss or damage resulting directly or indirectly from
> the use of this email or its contents.
> Thank You.
> 
>
> ___
> Secure Coding mailing list (SC-L)
> SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
>



[SC-L] BSI: SOA what?

2006-02-22 Thread Gary McGraw
Hi all,

I'm sure by now everyone has heard at least one marketing person say SOA
in some capacity.  Such it is with buzzwords.  Looks like we're still
climbing the hype curve with this one too.  The one great opportunity
with SOA (or Service Oriented Architecture for those allergic to
acronyms) is that during a rearchitecting exercise, software security
can play a critical role.  Avoid flaws when rearchitecting by applying
the architectural risk analysis touchpoint!

IEEE Security & Privacy magazine published an article that Jeremy, Scott
Matsumoto, and I wrote about SOA security.  You can get it here:
http://www.cigital.com/papers/download/bsi12-soa.doc.pdf

Please consider subscribing to IEEE S&P.  It's a great magazine and a
bargain at only $29 (no IEEE membership required).  See
http://www.computer.org/security/bsisub for more.

gem
www.swsec.com

p.s. I recently updated my home page after, oh, three or four years...
www.cigital.com/~gem 
