Popular programming initiatives such as services-oriented architectures and dynamic Web user interfaces are destined to fail if they're not developed with security in mind.
This was the sentiment Tuesday at the Software Security Summit in Baltimore, where application security vendors promised that those who forget past software development mistakes--particularly when cool new features trumped security--are destined to repeat those mistakes on the Web.
"I want people to think about input validation, error handling, and other security matters before they create a Web service," Jeff Williams, CEO of security services firm Aspect Security, said Tuesday. Otherwise, SOAs that push complexity behind the scenes and emphasize application interoperability will create of a system of insecure services sharing information.
Although the vendors here had an obvious self-interest in stirring things up, concerns over security aspects of Web services have been growing for several years. Simply put, it's just more difficult to bake-in protection in a distributed world.
