IBM SMashes Web 2.0 Security Risks

IBM creates a technology designed to make mashups more secure.

With security risks increasing with Web 2.0 technologies such as mashups, IBM is rolling out a new technology known as SMash, short for "secure mashup."

IBM announced SMash March 13 and contributed the technology to the OpenAjax Alliance. Mashups pull information from multiple sources, such as Web sites, enterprise databases or e-mails, to create a unified Web application. Mashups have caught on quickly for business use because they enable nontechnical users to gain insight on complex situations in minutes, and nondevelopers to quickly create "situational" applications. However, as with most Web-based initiatives, security is a concern.

"When we started a lot of this mashup work, the first thing enterprise customers asked was, 'Have you thought about security?' " Rod Smith, IBM fellow and vice president of emerging technology, said in an interview with eWEEK.

With SMash, IBM is trying to reduce the risk. SMash allows information from different sources to talk to each other, but keeps them separate so malicious code can't creep into enterprise systems, Smith said.

"IBM Research did the development in conjunction with some guidance from the OpenAjax security working group," Smith said. "IBM Research did a reference implementation and wrote the code."