InfoQ Homepage Risk Management Content on InfoQ

Articles

RSS Feed

Newer Older

Developer-Driven Threat Modeling

Threat modeling is critical for assessing and mitigating the security risks in software systems. In this IEEE article, author Danny Dhillon discusses a developer-driven threat modeling approach to identify threats using the dataflow diagrams.

Danny Dhillon
on Nov 11, 2011
Agile is at a crossroad: Scale or fail?

Risk management is the hottest topic in IT. Processes for effective risk management and investment decision making will allow Agile techniques to scale beyond projects to the enterprise. Without them, Agile will be confined to the ghetto of development. In this article Chris and Olav present some tools and techniques to identify and manage risks on Agile projects.

Chris Matts Olav Maassen
on Oct 14, 2011
Resilient Security Architecture

In this IEEE article, author John Diamant talks about how to improve security quality of software applications using a proactive approach with techniques like Security requirements gap analysis and Architectural threat analysis in the early phases of software development life cycle.

John Diamant
on Sep 27, 2011
Interview and Book Excerpt: CERT Resilience Management Model

CERT Resilience Management Model (CERT-RMM), developed at Software Engineering Institute (SEI), defines the processes for managing operational resilience in complex risk-evolving environments. InfoQ spoke with Rich Caralli, Technical Manager of the CERT Resilient Enterprise Management Team, about RMM framework and the book he co-authored.

Srini Penchikala
on May 30, 2011
A Process for Managing Risks in Distributed Teams

In this IEEE article, John Stouby Persson and Lars Mathiassen discuss a process for managing risks associated in managing the distributed software projects. The process includes identifying and analyzing distributed-team risks in the areas of task distribution, geographical and cultural distribution, stakeholder relations and communication infrastructure.

John Stouby Persson Lars Mathiassen
on May 10, 2011
Brian Chess on Static Code Analysis

Building security into software applications from the initial phases of development process is critical. Static code analysis gives developers the ability to review their code without actually executing it to uncover potential security vulnerabilities. InfoQ spoke with Brian Chess about static analysis and how it compares with other security assessment techniques like penetration testing.

Srini Penchikala
on Feb 21, 2011
"Real Options" Underlie Agile Practices

Whether we realise it or not, "freedom to choose" is a principle underlying many Agile practices. By avoiding early commitments, we gain flexibility in the choices we make later. In this article, Chris Matts and Olav Maassen propose that an understanding of "Real Options" allows us to develop and refine new agile practices and take agile in directions it hasn't gone before.

Chris Matts Olav Maassen
on Jun 08, 2007
From Java to Ruby: Risk

"Ruby is risky" is a common perception. As Ruby on Rails moves closer to the mainstream, that risk will decrease. In this article, Bruce Tate examines the changing risk profiles for Java and Ruby from a managers perspective, examining Java's initial adoption and also common risk myths about Rails.

Bruce Tate
on Aug 31, 2006

Newer Articles

Older Articles

Unlock the full InfoQ experience

Don't have an InfoQ account?

Topics

How to Use Apache Spark to Craft a Multi-Year Data Regression Testing and Simulations Framework

Scaling Cloud and Distributed Applications: Lessons and Strategies

GenAI Security: Defending Against Deepfakes and Automated Social Engineering

Transforming Life Sciences: AI, Vibe Coding, and Drug Development Acceleration

Hybrid Cloud-Native Networking in Enterprise - Some Assembly Required

Helpful links

Choose your language

Articles

Developer-Driven Threat Modeling

Agile is at a crossroad: Scale or fail?

Resilient Security Architecture

Interview and Book Excerpt: CERT Resilience Management Model

A Process for Managing Risks in Distributed Teams

Brian Chess on Static Code Analysis

"Real Options" Underlie Agile Practices

From Java to Ruby: Risk

Lessons Learned in Migrating to Micro-Frontends by Luca Mezzalira at QCon SF

How to Use Apache Spark to Craft a Multi-Year Data Regression Testing and Simulations Framework

Rust at the Core: Accelerating Polyglot SDK Development by Spencer Judge at QCon SF 2025

From On-Demand to Live : Netflix Streaming to 100 Million Devices in Under 1 Minute

Grab Adds Real-Time Data Quality Monitoring to Its Platform

Karrot Improves Conversion Rates by 70% with New Scalable Feature Platform on AWS

Transforming Life Sciences: AI, Vibe Coding, and Drug Development Acceleration

Growing Yourself as a Software Engineer, Using AI to Develop Software

Empathy Driven Platforms: You Build It, Let’s Run It Together

MySQL Repository Analysis Reveals Declining Development and Shrinking Contributor Base

Memori Expands into a Full-Scale Memory Layer for AI Agents across SQL and MongoDB

How Discord Scaled its ML Platform from Single-GPU Workflows to a Shared Ray Cluster

Hybrid Cloud-Native Networking in Enterprise - Some Assembly Required

NVIDIA Dynamo Addresses Multi-Node LLM Inference Challenges

System Initiative Unveils Expansion with Real-Time Multi-Cloud Discovery and Automation

QCon AI New York

QCon London

QCon AI Boston

InfoQ Software Architects' Newsletter

Articles