Stayed longer at work to participate in a Quadrasis' web services security webcast. They interrupted educational content couple of times with a poll that was probably meant to help their marketing. Due to some clever technology I could see results in realtime. Here's something I scribbled down.

The first question was, "in which stage of web services deployment people were?" When you hear press saying that Web Services are "done" or that Web Services security "is done", just remember the following statistics:

70% were doing research
25% gathering technical product details
5 % were piloting something.

Second poll was on how people deploy technical security.

17% use bespoke legacy point solutions
10 % are building shared security services usable by many applications (security business service hub!) 
35% use in-built security capabilities of infrastructure such as app. servers, web servers etc.
37% use integrated security packages (something like IBM, I guess)

You could draw quite interesting conclusions from these percentages regarding the state and evolution of the security market, but after the recent comment on Access360 I decided that I didn't aspire to become a security market analyst and so I am not going commenting on this.

9:28:51 PM    

George Smith from Vmyths (Truth About Computer Security Hysteria) on security vendors FUD: "No one wants to write a story about the fellow who e-mailed me recently to say: "I can get people to spill their drinks by telling them that... we have lost no data to viruses since 1991 ... The money we save on non-working, never-up-to-date copies of [software] goes to a couple of reasonable mail scanners, a firewall which we keep in good order, and a couple of people who know what the hell they're doing." [Securityfocus thrugh The Security Blog]

Smart, funny, irreverent and true.

9:00:17 PM