As you might know, the Supreme Court decided in May to consider a constitutional challenge to the 2002 law that created a national board to oversee U.S. public company auditors. I think most people will agree that SOX is bad law. But this blog is about the business of SOA, and SOX has surely stifled business, SOA included. Yet I'm torn. SOX has certainly forced companies to focus on fundamental issues (such as controls on database access) that certainly have been ignored in the past. When followed, SOX improved the security of your data. Does this compensate for suppressing IT, especially startups? I believe the answer is no.