Secure Applications

Another site to follow...

Main Page - OWASP

The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software.

Being abstract about data

Data abstraction as a key tenet of SOA is a given. Linthicum writes about XAware, an open source product, and it certainly looks attractive. However, his support for Open Source is less easy to swallow; citing "typically much less expensive than... proprietary [tools]" as a reason.

I think Linthicum is dangerously simplifying the situation and, despite being a very keen advocate of open source products myself, I would sound a word of caution. The way I govern our technology standards is by creating an abstract architecture. This abstract architecture is a representation of the objects in the real world. I encapsulate and isolate as far as possible to reduce the complexity of the abstract architecture, and to understand the links between components. This abstract architecture is a representation of the capabilities that we have and underpins our service catalogue. It also tells me what skills are required to support, operate and maintain that capability.

I allow things that are not represented on that landscape IF AND ONLY IF they are isolated, black boxed, and totally invisible as an entity in the abstract architecture. If this can be achieved I don't need to know about it to maintain it, I only maintain its container. (This isolation can be achieved by using a service provider to support the product, effectively outsourcing the support, operate and maintain requirement.)

So look very closely at the open source product. What other components is it introducing into your landscape that you will have to support. As a rule open source will not isolate components, it will expect you to be able to support those elements upon which it is built.

Real World SOA | David Linthicum | InfoWorld | When Data Abstraction Meets Open Source | November 5, 2007 10:12 PM | By Dave Linthicum

XAware provides data abstraction tool that allows the architect to create a logical database before linking existing physical data stores to it. Thus, this allows the architect to work from the design to the implementation, and provides complete independence from the physical instances of data.

Patterns for adoping open source

I'm not sure if I've blogged this before, but the conventional wisdom for adoption of open source is that whilst the software may be free, the skills requirement is higher. One way to consider the open source alternative is to consider the open source project on a par with internally developed solutions. This has two benefits, firstly you really engage with the solution, and secondly by engaging with the community and feeding back with your developed insights you help to improve the overall solution. If you are not able to make this level of commitment to the project then perhaps you are not ready yet to adopt an open source solution.

» Open source adoption: More rigor, less emotion | Between the Lines | ZDNet.com

In any case, companies need to consider the unintended consequences. For starters, if you use open source the chances are good that you will need more developers internally. Bottom line: More analysis will be needed as companies increasingly take the open source plunge.