Mark Curphey - SecurityBuddha.com

That’s right, its the Mesh. Security implications galore…..I hope there will be some amazing security SOA folks developing these apps.

It’s true, I read about it in one of those productivity blogs you know; the ones that are so compelling that they actually make you totally unproductive while reading them. Boom boom, he’s on all night ladies and gentlemen. The gist of the post was that you should write down your five year goal in [...]

http://blogs.msdn.com/gabriel_morgan/archive/2007/11/18/customer-2-0-is-here-and-she-has-a-major-impact-on-business-models-and-system-architecture.aspx
http://blogs.msdn.com/nickmalik/archive/2007/11/23/focusing-on-customer-2-0.aspx

Marc’s post here is well worth a read.
Level 1 is what I call an “Access API”.
Level 2 is what I call a “Plug-In API”.
Level 3 is what I call a “Runtime Environment”.
The Oxygen Security Platform is actually likely to be a combination of all three!

Why isn’t there a Metasploit for web apps?
Maybe this is a start……(link)

As always Dinis Cruz shares a very interesting view
“Note that moving software in-house to provide it as a service (as google will soon find out) is not something that has less security requirements than a normal ‘desktop/server packaged applications’, it has MORE security requirements since its security exploitation will affect ALL customers (i.e. in a [...]

I am currently holed up at my holiday house in the South of France for the year building a prototype (I’ll be moving back to the States next year). Our new Chief Software Architect has now resigned from his current job and will be joining me here in a month. We expect a few others [...]

When the Internet was young people focused on infrastructure; the backbones. As we evolved, we shifted to network security and protecting our own LAN’s and WAN connectivity. The last decade saw a compound  move up the stack to operating systems (desktops and servers) and  the last few years have seen more emphasis on applications and data.
This is natural [...]

My first post tackled
Connecting People with Technology
Aligning IT with Business
Connecting Technology to Technology (and why Symantec are dead wrong on this one)

Today I add a new component into the mix of what I think Security 2.0 will look like;
Business Activity Monitoring
Richard Betjlich has done a great job educating people that its not about products like [...]

Warning: blatant personal product management research.
Please help. I am looking for screen captures of security dashboards. With your permission I will post them all here or forward them to the excellent Dashboard Spy to create a public collection.