InfoQ

Security Assessment Content on InfoQ


Latest featured content about Security Assessment

Cloud Security or: How I Learned to Stop Worrying and Love the Cloud

Topics
GOTO 2011,
Encryption,
Public Cloud,
Private Cloud,
Cloud Adoption,
SaaS,
Cloud Security,
Security Assessment,
IaaS,
Cryptography,
Deployment,
GOTO Conference,
PaaS,
Security,
Cloud Computing,
Conferences

While Cloud Computing offers increased business agility and reduced cost, many are worried about security: loss of control and lack of confidentiality. Presented by Alon Hazy and Jakob Illeborg Pagter, this talk looks at the threat landscape, then examines how to secure cloud solutions today and in the future.

Resilient Security Architecture

Topics
Security Assessment,
Vulnerabilities,
Security,
Threat Modeling

In this IEEE article, author John Diamant talks about how to improve the security quality of software applications using a proactive approach, with techniques like security requirements gap analysis and architectural threat analysis in the early phases of the software development life cycle.

Brian Chess on Static Code Analysis

Topics
Security Assessment,
Static Analysis,
Architecture,
Security

Building security into software applications from the initial phases of the development process is critical. Static code analysis gives developers the ability to review their code without actually executing it to uncover potential security vulnerabilities. InfoQ spoke with Brian Chess about static analysis and how it compares with other security assessment techniques like penetration testing.

News about Security Assessment

IEEE’s Hans Karlsson Standards Award 2012 for Paul R. Croll

Topics
Communication,
Distributed Teams,
Security Assessment,
Teamwork,
Agile,
Enterprise Architecture,
Security,
Security Vulnerabilities,
Internet,
Standardization

IEEE announced that the Hans Karlsson Standard Award 2012 has been given to Paul R. Croll for dedicated leadership of the IEEE Systems and Software Engineering Standards Committee, and for his diplomacy and collaboration in facilitating the development of a collection of high-quality standards.

Security Assessment Techniques: Code Review v Pen Testing

Topics
Code Analysis,
Debugging,
Operations,
Security Assessment,
Profilers,
Infrastructure,
Security Code Reviews,
Architecture,
Security,
Penetration Testing,
Programming

Web application security testing and assessment should include both security code review and penetration testing techniques. Dave Wichers, an OWASP Board Member, spoke at the recent AppSec DC 2010 Conference about the pros and cons of code reviews and penetration testing approaches in finding security vulnerabilities in web applications.