InfoQ Homepage Security Content on InfoQ
-
Cloud DevSecOps in Practice: People, Processes and Tools
The panelists discuss how to get the right security, DevOps, and cloud engineering stakeholders together to build a realistic DevSecOps strategy.
-
Pivoting and Exploitation in a Docker Environment
Filipi Pires discusses different ways that exist in working with a single form of pivot and how to overcome different obstacles in different networks within this “new” environment called Docker.
-
Depending on Whether I Had Coffee or Not, Your Application May Be High Risk
Shannon Morrison and Scott Behrens discuss how to perform application risk analysis at scale.
-
Container Security and Observability in Kubernetes Environments
The panelists discuss how to take care of the security and monitoring of Kubernetes.
-
Securing the Development & Supply Chain of Open Source Software (OSS)
David Wheeler discusses how OSS is developed & distributed as a supply chain (SC) model, how OSS developers can develop & distribute secure OSS today, and how potential users can select secure OSS.
-
Resilience in Supply Chain Security
Dan Lorenc goes over real-world threats facing open source supply-chains today, and what can be done to architect resilient build and delivery pipelines.
-
Getting the Most out of Sandboxing
Chris Palmer discusses the nature and particulars of the OS limitations we face, what security gap they leave us with, and what we are doing to make Chromium's large codebase less memory-unsafe.
-
DevSecOps and Application Security
Rajiv Kapoor, Clint Gibler, André Tehrani, Anastasiia Voitova, and Erik Costlow discuss how to integrate security into DevOps, where their concerns are and how each is addressed.
-
DevSecOps: Not the Tools, the Other Bits
Mario Platt presents how to improve and integrate governance, team practices and maturity development in how the output of tools are integrated.
-
Security and the Language of Intent
Tracy Holmes and Petros Kolyvas discuss why the language of security for infrastructure is often lost in translation and how policy as code can help.
-
User Adaptive Security
Christina Camilleri and Jesse Kriss discuss how Netflix has readjusted their investments around user-focused security, and explore strategies towards a tiered access approach within endpoint security.
-
Live Interview: Phishing Techniques and Mitigations
Joe Gray talks about OSINT and phishing tactics.