  • Book Launch of “Commitment”, and an Interview with Olav Maassen, Chris Matts and Chris Geary

    by Ben Linders on  Jul 02, 2013

    Commitment is a graphical business novel about managing project risks with “Real Options”, a way of thinking to improve your decision making. InfoQ attended the book launch on May 14 in Amersfoort, The Netherlands and spoke with the authors about decision making, risks and technical debt.

  • Application Security Testing: The Double-sided Black Box

    by Rohit Sethi on  Feb 26, 2013

    In this article, Rohit Sethi discusses one of the biggest risks with software security, the opaque nature of verification tools and processes, and the potential for false negatives not covered by the different verification techniques. He also talks about some examples of security requirements and examines how common verification methods apply to them.

  • Automating Data Protection Across the Enterprise

    by Arshad Noor on  Feb 07, 2013

    This article builds on the foundational Regulatory Compliant Cloud Computing (RC3) architecture for application security in the cloud by defining a Data Encryption Infrastructure (DEI) that is not application-specific. DEI encompasses technology components and an application architecture that governs the protection of sensitive data within an enterprise.

Do we really need identity propagation in SOA and Clouds?

Posted by Michael Poulin on  Aug 20, 2012

While a majority of security specialists are managing identity through SSO, nobody has answered the question of whether identity propagation in SOA and Clouds is feasible from a business perspective.

Don't SCIM over your Data Model

Posted by Ganesh Prasad on  Aug 08, 2012

This opinion piece discusses limitations in the SCIM data model specification as perceived by the author. He provides three specific suggestions which were also posted to the SCIM mailing list.

Defending against Web Application Vulnerabilities

Posted by Nuno Antunes and Marco Vieira on  Jul 27, 2012

In this article, the authors discuss security in the software development life cycle and how to defend against web application vulnerabilities using white-box analysis and black-box testing techniques.

Standardizing the Cloud for Security

Posted by Orlando Scott-Cowley on  Jul 05, 2012

Orlando Scott-Cowley discusses security in the cloud and the need for industry standards to lower the barriers to entry while ensuring that customer data is safe.

A Distributed Access Control Architecture for Cloud Computing

Posted by Abdulrahman A. Almutairi, Muhammad I. Sarfraz, Saleh Basalamah, Walid G. Aref, Arif Ghafoor on  Jun 12, 2012

In this article, the authors discuss a distributed architecture based on principles from security management and software engineering to address cloud computing’s security challenges.

Managing Security Requirements in Agile Projects

Posted by Rohit Sethi on  Jun 04, 2012

Managing security requirements from early phases of software development is critical. In this article, author Rohit Sethi discusses how to map security requirements to user stories in Agile projects.

The Future of Authentication

Posted by Dirk Balfanz, Richard Chow, Ori Eisen, Markus Jakobsson, Steve Kirsch, Scott Matsumoto, Jesus Molina, Paul van Oorschot on  May 04, 2012

In this IEEE roundtable discussion article, the panelists discuss current authentication approaches, how to authenticate users on mobile devices and the future direction of authentication.

Commitment – Writing a Graphic Novel explaining Real Options

Posted by Shane Hastie on  Apr 05, 2012

Building on their work on Real Options, Chris Matts and Olav Maassen are writing a graphic novel to explain the concepts and share their knowledge. They discussed the novel and the process with InfoQ.

Interview and Book Review: The CERT Oracle Secure Coding Standard for Java

Posted by Srini Penchikala on  Feb 15, 2012

"The CERT Oracle Secure Coding Standard for Java" book covers the rules for secure coding using the Java programming language. InfoQ spoke with the book's authors on how these rules can help Java developers.

InfoQ.com and all content copyright © 2006-2014 C4Media Inc.