BT
x Your opinion matters! Please fill in the InfoQ Survey about your reading habits!

Maven Central Enables SSL

by Ben Evans on  Aug 04, 2014 1

Responding to recent concerns that hackers could upload rogue versions of common libraries to Maven Central, Sonatype has released a patch that closes a security vulnerability, enabling SSL by default.

AWS Expands Credential Lifecycle Management and Monitoring

by Steffen Opel on  Jul 29, 2014

AWS Identity and Access Management (IAM) recently expanded available password policy rules to enable self-service password rotation. A new credential report provides visibility into the AWS credentials security status. AWS also added logging of AWS Management Console sign-in events to AWS CloudTrail.

GitHub, BitBucket, Twitter and other Secure Services Affected on Mac OS X By Expired SSL Certificate

by Dio Synodinos on  Jul 27, 2014

On Saturday July 26th, an intermediate certificate issued by DigiCert that was used by online services like GitHub, BitBucket, etc expired. Since this certificate was widely cached in the keychains of many Mac OS X users, this expiration caused any connection via browser or API to raise certificate chain errors.

Nurturing a Culture for Continuous Learning

by Ben Linders on  Jul 24, 2014

Continuous learning supports agile adoption in enterprises. A culture change can be needed to enable and support continuous learning. There are several things that managers and agile coaches can do to establish and nurture a continuous learning culture.

Cloudera Acquires Big Data Encryption Startup Gazzang

by Jérôme Serrano on  Jul 15, 2014

Hadoop distributor Cloudera pursued its strategy of securing the Hadoop ecosystem by acquiring last month the big data encryption and key management startup Gazzang. The deal will strengthen Cloudera's security offering and lead to the creation of a center of excellence for Hadoop security that will initially be fueled by Gazzang’s engineering team.

Katana Gets OpenIDConnect, WSFederation Components

by Roopesh Shenoy on  Jul 14, 2014

Katana 3, now close to GA, comes with new security components providing OpenIDConnect and WSFederation support.

AWS CloudTrail Expands Auditing of API Calls

by Steffen Opel on  Jun 25, 2014

AWS has considerably increased the number of services supported by AWS CloudTrail to cover the majority of the extensive AWS service portfolio. This now includes most compute and networking and all deployment and management services, thereby providing comprehensive end to end auditing of almost any changes to customer’s infrastructure.

Node Security Project Aims at Making Node.js More Secure

by Sergio De Simone on  Jun 25, 2014

Node Security Project has been quietly working at improving Node.js security for a few months now. The project has the goal of auditing Node.js existing module base to help "improve Node landscape and provide confidence to developers and enterprises about the state of security in Node.js land."

Hortonworks Acquires XA Secure to Strengthen Security in Enterprise Hadoop

by Abhishek Sharma on  Jun 23, 2014

Hortonworks recently acquired the data security company XA Secure to help the organization in providing comprehensive security to Hortonworks Data Platform (HDP). Security features would be available across all Hadoop workloads from batch, interactive SQL and real–time.

Waratek Release Early Version of their Application Security

by Ben Evans on  Jun 22, 2014

Waratek released an early adopter version of Waratek Application Security for Java, to protect older Java applications from vulnerabilities in legacy Java versions.

Hadoop Summit 2014 Day One - On the Path to Enterprise Grade Hadoop

by Jeevak Kasarkod on  Jun 04, 2014

Hadoop Summit Day One report covers the important trends and changes from last year's summit. It also covers the important announcements of the day in relation to this year's trending topics. This report focuses on the platform specific innovations and announcements and not the broader partner ecosystem, which will be covered in the next few days.

LibreSSL, OpenSSL Replacement: The First 30 Days

by Sergio De Simone on  May 19, 2014

LibreSSL is the OpenBSD group's response to the Heartbleed security vulnerability that was discovered a few weeks ago in OpenSSL. LibreSSL aims at fully pruning/refactoring OpenSSL to provide a secure and stable code base, fix long standing bugs, introduce modern programming practices, and redesign portability. After one month of work, it is time for a status update.

Docker Release Candidate for 1.0

by Chris Swan on  May 13, 2014

Docker version 0.11 has been released, which is the first release candidate for 1.0. The release doesn’t just focus on stability, and includes a number of new networking, security and administration features.

How to Do Just Enough Up-front Design

by Abel Avram on  May 09, 2014 3

This article includes advice for doing enough up-front architectural design to provide the needed structure to start a project, aligning the team with the architect’s vision and assessing the possible risks.

Heartbleed’s Aftermath: OpenBSD Developers Start Purifying OpenSSL

by Jeff Martin on  Apr 21, 2014

OpenSSL's Heartbleed vulnerability has brought the project under the intense scrutiny of the OpenBSD development team. The team began a massive cleanse and repair of the OpenSSL codebase last week with impressive results.

General Feedback
Bugs
Advertising
Editorial
InfoQ.com and all content copyright © 2006-2014 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT