BT

Mobile Security and Team Collaboration: How to Combine It

by Ben Linders on  Feb 05, 2015

Mobile devices often contain both personal and corporate data. When these devices use cloud services with an "always on" internet connection the risk of security breaches increases says Jeff Crume. An interview on mobile security threats, increasing adherence to security policies, using mobile devices to collaborate efficiently, effectively and secure, and deploying enterprise mobile security.

Is Unhedged Call Options a Better Metaphor for Bad Code?

by Ben Linders on  Dec 24, 2014

In a blog post on bad code and technical debt Steve Freeman described how Chris Matts came up with the metaphor of an unhedged call option for bad code. This post is being intensively discussed on Reddit and on Hacker News recently. InfoQ interviewed Steve and Chris about using metaphors for bad code and code smells, trade-offs and costs of low quality code, and responsibilities for code quality.

Serial Key Generating for .NET

by Jonathan Allen on  Dec 10, 2014

While many applications are now being sold through app stores, mid-sized and big-ticket software is still offered directly to customers via web sites. For these kinds of projects, out-of-band licensing is still a major concern. One way to manage licenses is via serial keys using libraries such as SKGL.

Amazon releases AWS Key Management Service

by Chris Swan on  Dec 05, 2014

At their re:invent 2014 show Amazon launched AWS Key Management Service (KMS), “a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys”. At launch the service supported EBS, S3 and Redshift. Additional support for Elastic Transcoder was added in late November.

Google Uses Machine Learning to Simplify CAPTCHA

by Abel Avram on  Dec 03, 2014

Google has announced a new CAPTCHA API which provides a No CAPTHA experience for most users.

Java EE 8 Security JSR will have Cloud Improvements

by Matt Raible on  Nov 30, 2014

The Java Community Process published details of JSR 375, a redesigned Java EE Security API that includes improvements for implementing security in a cloud environment.

Netflix Releases Open Source Message Security Layer

by Chris Swan on  Nov 24, 2014

Netflix have announced the release of the Message Security Layer protocol (MSL), which they describe as ‘A Modern Take on Securing Communication’. The project is available on github under the Apache 2.0 license, with implementations in Java and JavaScript.

Microsoft, Adobe Release Critical Security Updates

by James Chesters on  Nov 18, 2014

Microsoft has released secruity improvements to Internet Explorer, fixing a vulnerablity that could allow an attacker to take control of a user's system. But according to Robert Freeman, manager of IBM X-Force Research, the issue was reported to Microsoft with a working proof-of-concept back in May 2014 -- and the issue is far older.

Embedding Security Testing in Development Workflow

by João Miranda on  Nov 18, 2014

Stephen de Vries, ContinuumSecurity founder, promoted the idea of continuous and visible security at Velocity Europe 2014. Stephen argued that the same kind of processes and tools that embedded QA in the whole workflow of an agile development process can be applied to security. BDD-Security is a security testing framework that follows the Given-When-Then approach and is built on top of JBehave.

AWS Releases CloudTrail Processing Library

by Steffen Opel on  Nov 15, 2014

Amazon Web Services (AWS) recently released the AWS CloudTrail Processing Library (CPL), a "Java client library that makes it easy to build an application that reads and processes CloudTrail log files in a fault tolerant and highly scalable manner".

Amazon CloudWatch Gains Log Monitoring and Storage

by Steffen Opel on  Oct 31, 2014

Amazon CloudWatch recently gained log file monitoring and storage for application, operating system and custom logs and meanwhile enhanced support for Microsoft Windows Server to cover a wider variety of log sources.

Vormetric Partners with DataStax to Deliver Enhanced Data-at-Rest Security in Apache Cassandra

by Abhishek Sharma on  Oct 27, 2014

Vormetric, a data security solutions provider has announced a partnership with DataStax, the company behind Apache Cassandra, to enhance the enterprise-class security features in the platform. The two companies will work together to enhance data-at-rest security that includes encryption, enhanced access controls and security intelligence in Apache Cassandra.

Mixing Agile with Waterfall for Code Quality

by Ben Linders on  Oct 17, 2014 4

The 2014 CAST Research on Application Software Health (CRASH) report states that enterprise software built using a mixture of agile and waterfall methods will result in more robust and secure applications than those built using either agile or waterfall methods alone. InfoQ interviewed Bill Curtis about structural quality factors, and mixing agile and waterfall methods.

Google to remove support for SSL 3.0

by Alex Blewitt on  Oct 14, 2014 7

Google have announced that they will remove support for the obsolete SSL 3.0 after discovering vulnerabilities that may be exploitable by forcing clients or servers to downgrade. Removing SSL 3.0 may also unlock stalled negotiations with HTTP2. Read on for more details.

Using Logs to Detect User-Based Threats

by Jonathan Allen on  Oct 08, 2014

A common theme at the Splunk user conference is the idea that the users are the greatest threat. Even in a well-regulated enterprise where no one has more privileges than what’s needed to do their job, a typical user has more than enough ability to steal massive amounts of data or cause widespread problems. Fortscale seeks to address this issue by using the data that you are already collecting.

General Feedback
Bugs
Advertising
Editorial
Marketing
InfoQ.com and all content copyright © 2006-2015 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT