My blog has moved and can now be found at

No action is needed on your part if you are already subscribed to this blog via e-mail or its syndication feed.

Sunday, October 28, 2007
« Modular schemas, include, and tooling su... | Main | Children, Privacy and Children's Web Sit... »

There is new blog posting by James McGovern, "How Industry Analysts weaken Enterprise Security", that seems to take industry analysts to task for not asking enterprise application vendors if they "...implement this security specification or any security specification..." in their product. The example specification that is used is XACML.

It is an interesting question but seems to be designed more to get a rise out of people rather than addressing the ground truth, which is that the responsibility lies not with the Analysts but with the Architects and Engineers who are evaluating potential products for their Enterprise. 

So, to my mind, the more appropriate questions would be:

  1. Are the customers of the various analyst firms are being provided the appropriate and independent information such that they can ask the right questions of the vendors? Which is the role of the Analysts.
  2. Are the Enterprise's actually holding the vendors accountable by NOT spending money with vendors that do not implement open standards? Which is the role of the Business and the Enterprise Architect.
Tags:: Security
10/28/2007 4:09 PM Eastern Standard Time  |  Comments [0]  |  Disclaimer  |  Permalink   
Comments are closed.