In this article, Rohit Sethi discusses one of the biggest risks with software security, the opaque nature of verification tools and processes, and the potential for false negatives not covered by the different verification techniques. He also talks about some examples of security requirements and examines how common verification methods apply to them.
This article builds on the foundational Regulatory Compliant Cloud Computing (RC3) architecture for application security in the cloud by defining a Data Encryption Infrastructure (DEI) which is not application specific. DEI encompasses technology components and an application architecture that governs the protection of sensitive data within an enterprise.
Identity Propagation through Single Sign-On (SSO) has been assumed to be a panacea for all identity issues in SOA and Clouds. In this article, Michael Poulin raises questions around the business feasibility of propagation and proposes a delegate model of representation instead.
This opinion piece discusses limitations in the SCIM data model specification as perceived by the author. He provides three specific suggestions which were also posted to the SCIM mailing list.
In this article, the authors discuss security in the software development life cycle and how to defend against web application vulnerabilities using white-box analysis and black-box testing techniques.
Orlando Scott-Cowley discusses security in the cloud and the need for industry standards to lower the barriers to entry while ensuring that customer data is safe.
In this article, the authors discuss a distributed architecture based on principles from security management and software engineering to address cloud computing's security challenges.
Managing security requirements from early phases of software development is critical. In this article, author Rohit Sethi discusses how to map security requirements to user stories in Agile projects.
In this IEEE roundtable discussion article, the panelists discuss current authentication approaches, how to authenticate users on mobile devices, and the future direction of authentication.
Building on their work on Real Options, Chris Matts and Olav Maassen are writing a graphic novel to explain the concepts and share their knowledge. They discussed the novel and the process with InfoQ.
"The CERT Oracle Secure Coding Standard for Java" book covers the rules for secure coding using the Java programming language. InfoQ spoke with the book's authors on how these rules can help Java developers.
One category of risk that project teams need to ensure they address is business value failure – delivering a product that fails to provide value for the business investor.