> From: Roger L. Costello [mailto:email@example.com]
> Any other "best practices"? /Roger
I would add that implementors must take appropriate measures to address
security factors, such as confidentiality and non-repudiation. One of my big
fears is that the web services "revolution" will bring us sensitive
transactions flying around the net in clear text without adequate
authentication. I know for a fact that the lack of understanding of security
concerns among most developers is leading to some truly frightening systems,
and the internet today is like a global piece of Swiss cheese with gaping
security holes all over the place.
I agree with Bruce Schneier that customers and courts need to start
holding software vendors liable for shoddy practices with regard to
security. That is the only way that all too many software vendors will start
treating these matters seriously.