• Resilient Security Architecture

    by John Diamant on  Sep 27, 2011

    In this IEEE article, author John Diamant talks about how to improve the security quality of software applications using a proactive approach, with techniques like security requirements gap analysis and architectural threat analysis in the early phases of the software development life cycle.

  • Architecting a Cloud-Scale Identity Fabric

    by Eric Olden on Jun 29, 2011

    In this IEEE article, author Eric Olden discusses an identity fabric that links multiple applications to a single identity to manage the volume of user identities that network administrators must secure and to enable a full-scale cloud adoption.

  • Interview and Book Excerpt: CERT Resilience Management Model

    by Srini Penchikala on  May 30, 2011

    The CERT Resilience Management Model (CERT-RMM), developed at the Software Engineering Institute (SEI), defines the processes for managing operational resilience in complex risk-evolving environments. InfoQ spoke with Rich Caralli, Technical Manager of the CERT Resilient Enterprise Management Team, about the RMM framework and the book he co-authored.

A Process for Managing Risks in Distributed Teams

Posted by John Stouby Persson and Lars Mathiassen on  May 10, 2011

In this IEEE article, John Stouby Persson and Lars Mathiassen discuss a process for managing the risks associated with managing distributed software projects.

Threat Modeling Express

Posted by Sahba Kazerooni and Rohit Sethi on  May 09, 2011

In this article, Rohit Sethi and Sahba Kazerooni discuss an agile threat modeling approach called "Threat Modeling Express" that can be used to collaboratively define threats and countermeasures.

Cloud Computing Roundtable

Posted by Ivan Arce and Anup Ghosh on  Apr 11, 2011

In this IEEE panel discussion article, guest editors Ivan Arce and Anup Ghosh facilitated the discussion on cloud computing security risks.

Application Security With Apache Shiro

Posted by Les Hazlewood on  Mar 14, 2011

This article introduces the Apache Shiro security framework, covering the project goals, architectural philosophies and how you might use Shiro to secure your own Java applications.

Brian Chess on Static Code Analysis

Posted by Srini Penchikala on  Feb 21, 2011

Static code analysis gives developers the ability to review their code to uncover security vulnerabilities. InfoQ spoke with Brian Chess about static analysis and how it compares with other techniques.

Matt Tesauro on OWASP Web Testing Environment (WTE) Project

Posted by Srini Penchikala on  Feb 14, 2011

The Web Testing Environment (WTE) project makes application security tools available to developers and QA testers. InfoQ caught up with WTE project lead Matt Tesauro to learn more about the project.

Interview and Book Excerpt: Masoud Kalali’s GlassFish Security

Posted by Srini Penchikala on  Nov 29, 2010

The GlassFish Security book, by author Masoud Kalali, covers the Java EE security model and how to design and develop secure Java EE applications. InfoQ spoke with Masoud about the book.

Bryan Sullivan on Security Development Lifecycle

Posted by Srini Penchikala on  Oct 25, 2010

The Security Development Lifecycle (SDL) is a security assurance process with a focus on software development. InfoQ spoke with Bryan Sullivan about the current state and future road map of the SDL framework.

Authorizing Process Access and Execution with JBoss jBPM

Posted by Boris Lublinsky on  Mar 19, 2010

In this article, Boris Lublinsky shows how to extend JBoss jBPM to define and support process access authorization.

Editorial and all content copyright © 2006-2013 C4Media Inc.