Thursday, June 14, 2007

My view on THE Web-OS

Many people are talking about a Web-OS. Just do a quick search via Google (one of the key player in this WebOS area). The results will be very different: some kind of decent information and ideas, some kind of rumors, all this stuff… I do believe in the idea of a Web Operating System which will be one of the top technology trends for 2008 or later. But I really miss a cool approach to bridge an existing gap. This is not about putting a web server on each client. This is about the technologies running in the browser which is still the one-and-only client for web applications. HTML is a markup language for documents, period. JavaScript is a scripting language, easy. Any combinations of both technologies might lead to more functionality and even to new trends like Web 2.0. But this comes with high complexity, security issues and huge problems to maintain code (and I’m not talking about debugging). My point is, HTML, JavaScript and AJAX are not the robust and durable building blocks to create a new operating system. This kind of homework must be done before establishing a new operating system; even it is “just” web. Disappointed?

Die Frauenkirche in Dresden

Tuesday, June 12, 2007

Convergence of SOA and Software as a Service

People might argue that SOA is just another hype in software development. That is definitely true for many applications with the SOA Sticker on the box. There is also some kind of misconception of the underlying implementation techniques. For many “experts” is the web service technology the one and only choice (I can’t agree on this!). But the concept of SOA is especially helpful in the phase of mapping use cases (and work flows) to implemented functionalities in scenarios where the interaction (between the functionalities) is changing constantly. This flexibility is one reason to make SOA happen (but, please, not for all types of software applications). In addition, I do see a great opportunity to match the business scenario of – Software as a service – with the idea of a Service Oriented Architecture. I’m pretty sure that such companies got this already on the agenda. Me too.

Sunday, June 10, 2007

IT Security in the Software Engineering Process

We don’t need to discuss about the significance of security in today’s world. Globalization and worldwide networking come with a lot of opportunities and might lead to more prosperity. But risks and issues must be addressed. We do see many threat vectors increasing. Many attacks are more sophisticated, very focused on a specific target and driven by high criminal energy. This is a big challenge for Serious Software Development. It is a misconception to understand IT Security as a compilation of appliances and components like firewalls, IDS or anti-malware. This is not enough! Security must be addressed very early in the development process, latest in the phase of requirement engineering. As a result, a security architecture that is professionally designed, implemented, put in place, enforced, and maintained must be expected. This process comprises a lot of activities: coding principles, security features, threat assessments, testing (and testing and testing) and many more. And, teams should strive for less complexity. I know, it’s easier said than done. But it is nearly impossible to „make a complex system secure“. Upcoming posts will cover this topic in more detail.