In this IEEE article, author Eric Olden discusses an identity fabric that links multiple applications to a single identity to manage the volume of user identities that network administrators must secure and to enable full-scale cloud adoption.
The CERT Resilience Management Model (CERT-RMM), developed at the Software Engineering Institute (SEI), defines the processes for managing operational resilience in complex risk-evolving environments. InfoQ spoke with Rich Caralli, Technical Manager of the CERT Resilient Enterprise Management Team, about the RMM framework and the book he co-authored.
In this IEEE article, John Stouby Persson and Lars Mathiassen discuss a process for managing the risks associated with managing distributed software projects. The process includes identifying and analyzing distributed-team risks in the areas of task distribution, geographical and cultural distribution, stakeholder relations and communication infrastructure.
In this article, Rohit Sethi and Sahba Kazerooni discuss an agile threat modeling approach called "Threat Modeling Express" that can be used to collaboratively define threats and countermeasures.
In this IEEE panel discussion article, guest editors Ivan Arce and Anup Ghosh facilitated the discussion on cloud computing security risks.
This article introduces the Apache Shiro security framework, covering the project goals, architectural philosophies and how you might use Shiro to secure your own Java applications.
Static code analysis gives developers the ability to review their code to uncover security vulnerabilities. InfoQ spoke with Brian Chess about static analysis and how it compares with other techniques.
The Web Testing Environment (WTE) project makes application security tools available to developers and QA testers. InfoQ caught up with WTE project lead Matt Tesauro to learn more about the project.
The GlassFish Security book, by author Masoud Kalali, covers the Java EE security model and how to design and develop secure Java EE applications. InfoQ spoke with Masoud about the book.
The Security Development Lifecycle (SDL) is a security assurance process with a focus on software development. InfoQ spoke with Bryan Sullivan about the current state and future road map of the SDL framework.
In this article Boris Lublinsky shows how to extend JBoss jBPM to define and support process access authorization.
In this article, Michael Poulin elaborates on the differences between governance and management and tries to explore the 'wonderland' of governance in a service-oriented environment.