First and foremost, the SOA security train is coming into the station one week from tomorrow, February 27th, and I hope you'll all be there for all the learning that'll going to be going on, learning that will undoubtedly help your earning, which you can do by just clicking here!
Also, this morning, I recorded a security podcast with the SOA extraordinare Anne Thomas Manes. We discussed various SOA security issues, and one of the more fascinating, and encouraging things, she related, was the fact that all the tools to secure SOA are already available, and all that's needed is implementation! Make sure you check in this Thursday when the podcast is live on ebizQ.
Now, back to El Blog. I was going to title this blog, "So when do you know your SOA security is enough," as that would have been more accurate, but I just liked this one better, taken, of course, from Nick Lowe via Elvis Costello's bombastic song, "What's so funny about peace, love, and understanding."
Last week I quoted from this document on various SOA security traps, and I just wanted to finish up with the point that, well, how do you know when you're done, how do you know when your SOA is secure enough to go for it!
While there are plenty of tools like penetration testing, vulnerability testing, source code analysis, touchpoint analysis, proof-of-concept, and third party reviews, the fact is, nothing can ever be 100 percent secure. To play on that classic line I once heard from a lawyer, I provide reasonable doubt at a reasonable price, in terms of SOA security, make sure you have reasonable security at a reasonable price. And just in case, make sure you have a contingency plan.
Leave a comment