According to a new report by Forrester, current use of WS-Security doubled over the past two years: Now 30% of enterprises pursuing service-oriented architecture (SOA) use WS-Security as part of their SOA and Web services security strategy. Forrester believes that this gives WS-Security critical mass to sustain its place in the SOA landscape, especially considering that another 16% plan to adopt WS-Security. This also provides a foundation for adoption of other SOAP-based Web services security specifications. REST-based services still don't have standard profiles for interoperable security, which means that when security requirements are part of the picture, SOA architects should carefully consider where and how they use REST.