Steven M. Christey wrote:
> So I've been an observer of the "Web 2.0 is a security nightmare" camp
> with the occasional head nods and detached agreement, being enough of a
> generalist that I didn't have anything to add to the alarms raised by the
> specialists. Where is the support group for those who have recently
> realized just how desperate the situation is?
>
> I'm not being entirely facetious. Is there any hope at all?
>
> - Steve
>
>
1. No, but there is no hope for generalized security apart from "Web
2.0" either. There is only risk reduction.
2. Stop complaining about Web 2.0. Really. It doesn't exist. There
are security problems specific to JSON, AJAX, REST, SOAP, FLEX, social
networking, P2P, etc. If you want to actually discuss the risk, name
the risk you're interested in. Web 2.0 doesn't mean anything we can
discuss like rational people. Same goes for "the Cloud".
Steve
--
| Steven E. Pinkham |
| Security Researcher, Maven Security |
| steve.pinkham (at) mavensecurity (dot) com [email concealed] |
| GPG public key ID CD31CAFB |
> So I've been an observer of the "Web 2.0 is a security nightmare" camp
> with the occasional head nods and detached agreement, being enough of a
> generalist that I didn't have anything to add to the alarms raised by the
> specialists. Where is the support group for those who have recently
> realized just how desperate the situation is?
>
> I'm not being entirely facetious. Is there any hope at all?
>
> - Steve
>
>
1. No, but there is no hope for generalized security apart from "Web
2.0" either. There is only risk reduction.
2. Stop complaining about Web 2.0. Really. It doesn't exist. There
are security problems specific to JSON, AJAX, REST, SOAP, FLEX, social
networking, P2P, etc. If you want to actually discuss the risk, name
the risk you're interested in. Web 2.0 doesn't mean anything we can
discuss like rational people. Same goes for "the Cloud".
Steve
--
| Steven E. Pinkham |
| Security Researcher, Maven Security |
| steve.pinkham (at) mavensecurity (dot) com [email concealed] |
| GPG public key ID CD31CAFB |
[ reply ]