James McGovern kicks off the 2007 prediction season. Among the predictions, this security-centric one caught my eye:
Security: in 2007, industry analysts who provide coverage on SOA, BPM, ESB, Portals and CRM will start including research into the products which provide the most secure implementation. Analysis may include coverage of the vendors' secure software development practices, which industry standards in the security space they implement and even the results of security vulnerability scans using automated tools. Likewise, vendors will realize that security may be the next killer application and will be marketing it as such.
This would be great if it happened. While the vendor coverage on SOA, Web 2.0, and friends is substantial, the pluses and minuses of these systems vis-à-vis security are not high on the analysts' to-do list. Strange. Why, for example, don't more ESBs support WS-Trust? This should be a core security technology, but instead most have manual or hard-coded methods. When choosing between a myriad of vendors and technologies, shouldn't the support for security standards (which is relatively straightforward for an analyst to quantify) and the security of the implementation enter into the analysis?
While the security issues may not trump all the other issues involved in these analyses, they are still very relevant. Consumers may not spend 50% extra to get a car with side-impact airbags; however, if you are buying a car and the features and price are similar, wouldn't you buy the one with side-impact airbags?