BT
  • Hologram - Finally, AWS Key Distribution that Makes Sense

    by Arian Adair on  Mar 31, 2015

    Faced with the lack of solutions for secure distribution of AWS access keys to developers, AdRoll decided to build their own open source Hologram, a system that brings Amazon's Instance Profile mechanism to developer workstations. Adair details the process, tool design and main features.

  • Beyond Blacklisting: Cyberdefense in the Era of Advanced Persistent Threats

    by Aaron Beuhring and Kyle Salous on  Mar 17, 2015

    In this article, authors discuss the security vulnerabilities in software applications and how whitelisting approach has advantages over blacklisting. They also talk about how to implement the whitelisting security policies and cost involved with it.

  • Q&A on Conscious Agility

    by Ben Linders on  Mar 16, 2015

    The book Conscious Agility (Conscious Capitalism + Business Agility = Antifragility) by Si Alhir, Brad Barton and Mark Ferraro describes a design-thinking approach for business to benefit from uncertainty, disorder, and the unknown. An interview about conscious agility and antifragility, increasing business agility, dealing with uncertainty, and the three phases of a conscious agility initiative.

How to Start With Security

Posted by Rémon (Ray) Sinnema on  Mar 14, 2015

Computer security, or the lack thereof, has made many headlines recently. In this article we'll look at how bad things are and what you, as a software developer, can do about it.

Cloud Security Auditing: Challenges and Emerging Approaches

Posted by Jungwoo Ryoo, Syed Rizvi, William Aiken, John Kissell on  Mar 08, 2015

Security audits are an important part of IT security programs. In this article, authors highlight the challenges in cloud computing business models, based on interviews with cloud security auditors.

Employing Enterprise Architecture for Applications Assurance

Posted by Walter Houser on  Feb 26, 2015

In this article, authors discuss how enterprise, software, and security architects can improve software assurance by using the enterprise architecture to promulgate the software security controls.

Evo: The Agile Value Delivery Process, Where ‘Done’ Means Real Value Delivered; Not Code

Posted by Tom Gilb & Kai Gilb on  Jan 26, 2015

This article describes what ‘Evo’ is at core, and how it is different from other Agile practices, and why ‘done’ should mean ‘value delivered to stakeholders’. 1

Getting RID of Risk with Agile

Posted by Jacob Creech on  Jan 21, 2015

One of the largest areas of development waste are poorly formed requirements. This post presents a very simple technique that can be applied to all user stories to improve quality and reduce waste. 3

How Well Do You Know Your Personae Non Gratae?

Posted by Jane Cleland-Huang on  Nov 27, 2014

In this article, author discusses three techniques to defend against malicious users in software systems. The techniques includes creating personas, misuse cases and annotated activity diagrams.

The Resurrection of Product Risk Analysis

Posted by Chris Schotanus on  Nov 19, 2014

Product risk analysis (PRA) can be done during the various phases of sequential or agile system development. This article shows how to apply PRA to elevate it from project level to domain level.

Testing the Internet of Things: The Human Experience

Posted by Gerie Owen on  Nov 09, 2014

This article discusses “human experience” testing and uses concepts from human computer interaction design theory to establish a framework for developing “human experience” test scenarios.

Shadow IT Risk and Reward

Posted by Chris Haddad on  Oct 08, 2014

Chris Haddad explains in this article what Shadow IT is, what role it plays in the enterprise and why Enterprise IT needs to embrace it, adapt and address Shadow IT requirements, autonomy, and goals.

General Feedback
Bugs
Advertising
Editorial
Marketing
InfoQ.com and all content copyright © 2006-2015 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT