Threat modeling is critical for assessing and mitigating the security risks in software systems. In this IEEE article, author Danny Dhillon discusses a developer-driven threat modeling approach that identifies threats using dataflow diagrams.
In this IEEE article, author Charlie Miller talks about mobile security vulnerabilities. He explains how smartphones are becoming targets of attackers and discusses the security models of two smartphone operating systems: Apple's iOS and Google's Android. Attackers can get remote code to run on a mobile device in two ways: mobile malware and drive-by downloads.
Risk management is the hottest topic in IT. Processes for effective risk management and investment decision making will allow Agile techniques to scale beyond projects to the enterprise. Without them, Agile will be confined to the ghetto of development. In this article, Chris and Olav present some tools and techniques to identify and manage risks on Agile projects.
In this IEEE article, author John Diamant talks about improving the security quality of software applications using techniques such as security requirements gap analysis and architectural threat analysis.
In this IEEE article, author Eric Olden discusses an identity fabric that links multiple applications to a single identity in order to manage the volume of user identities in the cloud.
InfoQ spoke with Rich Caralli from SEI's Resilient Enterprise Management Team about the Resilience Management Model used for managing operational resilience in complex, risk-evolving environments.
In this IEEE article, John Stouby Persson and Lars Mathiassen discuss a process for managing the risks associated with managing distributed software projects.
In this article, Rohit Sethi and Sahba Kazerooni discuss an agile threat modeling approach called "Threat Modeling Express" that can be used to collaboratively define threats and countermeasures.
In this IEEE panel discussion article, guest editors Ivan Arce and Anup Ghosh facilitate a discussion on cloud computing security risks.
This article introduces the Apache Shiro security framework, covering the project's goals, its architectural philosophies, and how you might use Shiro to secure your own Java applications.
Static code analysis gives developers the ability to review their code to uncover security vulnerabilities. InfoQ spoke with Brian Chess about static analysis and how it compares with other techniques.
The Web Testing Environment (WTE) project makes application security tools available to developers and QA testers. InfoQ caught up with WTE project lead Matt Tesauro to learn more about the project.