In this IEEE roundtable discussion hosted by guest editors Richard Chow, Markus Jakobsson, and Jesus Molina, the panelists discuss current authentication approaches, how to authenticate users on mobile devices and the future direction of authentication.
Building on their work on Real Options, Chris Matts and Olav Maassen are writing a graphic novel to explain the concepts and share their knowledge in the area. They discussed the novel, the process of producing it and the crowdsourcing model of funding with Shane Hastie from InfoQ. A sample chapter is available for InfoQ readers to download.
"The CERT Oracle Secure Coding Standard for Java" book covers the rules for secure coding using the Java programming language and its libraries, with the goal of helping Java developers eliminate insecure coding practices that can lead to vulnerable code. InfoQ spoke with the book's authors about how the security rules discussed in the book compare to other security coding frameworks.
One category of risk that project teams need to ensure they address is business value failure – delivering a product that fails to provide value for the business investor.
In this IEEE article, authors Stephen Yau and Ho An talk about the advantages and challenges in application development using service-oriented architecture and cloud computing technologies.
This article presents a web application architecture that leverages cloud resources and an enterprise key-management infrastructure to lower costs while proving compliance with data-security regulations.
Security concerns plague cloud consumers, so how should these concerns be addressed? This article introduces the basic principles and patterns that should guide a cloud security architecture.
In this IEEE article, authors Quyen L. Nguyen and Arun Sood discuss three types of intrusion tolerant system architectures and their efficiency for intrusion tolerance and survivability.
NoSQL databases have been getting a lot of attention lately, but NoSQL data security is not given much emphasis. This article focuses on the security considerations in accessing NoSQL databases.
In this IEEE article, author Danny Dhillon discusses a developer-driven threat modeling approach to identify threats based on the dataflow diagrams for assessing and mitigating the security risks.
In this IEEE article, author Charlie Miller talks about mobile security vulnerabilities. He discusses how iOS and Android phones can be attacked using mobile malware and drive-by downloads.
Risk management is a crucial discipline for projects, and finding ways to do effective risk management on agile projects will spell the difference between Agile scaling into the enterprise or failing.