Now we get to AjaxWorld West 2007 and there are 5 presentations about security and all of them look great. Brian Chess from Fortify, Joe Stagner from Microsoft, Byran and I from SPI/HP, Danny Allen from Watchfire/IBM, and Pothiraj Selvaraj from CGE. I am absolutely floored by the turn out. And its not just more security speakers at Ajax conferences. There are other indications thats people are accepting Ajax Security. We are seeing a number of books on Ajax Security come out. Ajax frameworks are starting implement security features natively. In some cases framework developers are reaching out directly to the web security companies that seem to get it. For example SPI has been to Redmond multiple times this year working with the ASP.NET and Atlas teams. We see security vendors and consultants who were in denial about Ajax have toned down the rhetoric. Now vendors from the scanner and source code analysis spaces are joining SPI on stage this year on AjaxWorld. We've gone from a 20 something with long hair talking about Ajax security to CTOs and CEOs, and VPs spreading the message. And that is extremely satisfying.
I suppose if anything, AjaxWorld 2007 is a nice breath of fresh air. A cause SPI has been championing for nearly 2 years now is becoming more mainstream and finding acceptance in the Security and Development communities. I welcome my friendly competitors to the party, even if they were a little late and got lost along the way. :-) Because at the end of the day, more smart people working on tough problems helps everyone.
Keep fighting the good fight.