Sunday, June 17, 2007
Thursday, June 14, 2007
Tuesday, June 12, 2007
People might argue that SOA is just another hype in software development. That is definitely true for many applications with the SOA Sticker on the box. There is also some kind of misconception of the underlying implementation techniques. For many “experts” is the web service technology the one and only choice (I can’t agree on this!). But the concept of SOA is especially helpful in the phase of mapping use cases (and work flows) to implemented functionalities in scenarios where the interaction (between the functionalities) is changing constantly. This flexibility is one reason to make SOA happen (but, please, not for all types of software applications). In addition, I do see a great opportunity to match the business scenario of – Software as a service – with the idea of a Service Oriented Architecture. I’m pretty sure that such companies got this already on the agenda. Me too.
Sunday, June 10, 2007
We don’t need to discuss about the significance of security in today’s world. Globalization and worldwide networking come with a lot of opportunities and might lead to more prosperity. But risks and issues must be addressed. We do see many threat vectors increasing. Many attacks are more sophisticated, very focused on a specific target and driven by high criminal energy. This is a big challenge for Serious Software Development. It is a misconception to understand IT Security as a compilation of appliances and components like firewalls, IDS or anti-malware. This is not enough! Security must be addressed very early in the development process, latest in the phase of requirement engineering. As a result, a security architecture that is professionally designed, implemented, put in place, enforced, and maintained must be expected. This process comprises a lot of activities: coding principles, security features, threat assessments, testing (and testing and testing) and many more. And, teams should strive for less complexity. I know, it’s easier said than done. But it is nearly impossible to „make a complex system secure“. Upcoming posts will cover this topic in more detail.