Security Content on InfoQ
-
Q&A on the Book Real-World Bug Hunting
The book Real-World Bug Hunting by Peter Yaworski is a field guide to finding software vulnerabilities. It explains what ethical hacking is, explores common vulnerability types, explains how to find them, and provides suggestions for reporting bugs while getting paid for doing so.
-
Improving Security Practices in the Cloud Age: Q&A With Christopher Gerg
IT leaders say that security is a top priority. Surveys show that it’s easy to say, and hard to do. InfoQ spoke with Christopher Gerg, CISO at Gillware, about security practices in the cloud age.
-
Implementing Policies in Kubernetes
The author explains what Kubernetes policies are, and how they can help you manage and secure the Kubernetes cluster. We will also look at why we need a policy engine to author and manage policies.
-
How to Use Chaos Engineering to Break Things Productively
Chaos can be a preventative for calamity. It's predicated on the idea of failure as the rule rather than the exception, and it led to the development of the first dedicated chaos engineering tools. This article explores chaos engineering, and how to apply it.
-
How Developers Can Learn the Language of Business Stakeholders
This article explores how business stakeholders and developers can improve their collaboration and communication by learning each other's language and dictionaries. It explores areas where there can be the most tension: talking about impediments and blockers, individual and team learning, real options, and risk management.
-
How to Seamlessly Evolve DevOps into DevSecOps
As DevOps evolved, it became obvious that it was about more than just software development and operations management. With each new story of a massive data breach and its catastrophic consequences, cybersecurity swiftly became recognized as a critical part of any IT ecosystem. This realization led to DevSecOps. This article looks at how to embrace a DevSecOps approach.
-
NotPetya Retrospective
As we hit the second anniversary of NotPetya, this retrospective is based on the author’s personal involvement in the post-incident activities. In the immediate aftermath, it seemed like NotPetya could be the incident that would change the whole IT industry, but it wasn’t—pretty much all the lessons learned have been ignored.
-
Q&A on the Book Risk-First Software Development
The book Risk-First Software Development by Rob Moffat views all of the activities on a software project through the lens of managing risk. It introduces a pattern language to classify different risks, provides suggestions for balancing risks, and explores how software methodologies view risks.
-
Sustainable Operations in Complex Systems with Production Excellence
Successful long-term approaches to production ownership and DevOps require cultural change in the form of production excellence. Teams are more sustainable if they have well-defined measurements of reliability, the capability to debug new problems, a culture that fosters spreading knowledge, and a proactive approach to mitigating risk.
-
Cultivating a Learning Organisation
This article explores how creating an internal culture of experimentation and learning enabled a company to keep pace with the rapid iterations in tech that have become the regular way we do business. It shows that psychological safety is a key component of the learning organisation; employees need to be able to experiment and learn from any outcome - without fear that failure will be punished.
-
Seven Steps for Improving Cloud Security with Business Integration
For business owners and information technology professionals, cloud computing has represented a significant advancement in terms of efficiency and supportability. But like with any major shift in the IT industry, the cloud brings a host of new security risks. Let’s take a look at the most common risks associated with integrating cloud-based business systems and how to manage them appropriately.
-
InfoQ’s 2018, and What We Expect to See in 2019
We take a look back at what we saw on InfoQ in 2018, and think about what the next year might bring.