Risk Management Content on InfoQ
-
The Future is Knowable before it Happens: an Impossible Thing for Developers
In software development there are always things that we don’t know. We can take time to explore knowable unknowns, to learn them and get up to speed with them. To deal with unknowable unknowns, a solution is to be more experimental and hypothesis-driven in our development. Kevlin Henney gave a keynote about Six Impossible Things at QCon London 2022 and at QCon Plus May 10-20, 2022.
-
Microsoft Rebrands its Data Governance Service to Microsoft Purview
Recently, Microsoft announced Microsoft Purview, a new product branding bringing together the Azure Purview data governance service with various Microsoft 365 compliance solutions.
-
Google Cloud Introduces Community Security Analytics
Google Cloud recently released Community Security Analytics (CSA), a set of open-sourced queries and rules for security analytics designed to help detect common cloud-based threats.
-
How Security by Design Helped to Manage Risks in a Cloud Migration
When a company migrated to the cloud, security issues arose due to difficulties in getting stakeholders on board and involving security from the start. Embedding security assessments as part of the continuous cloud DevOps process and adopting an agile strategy for security risk management throughout the lifecycle of the project helped to increase the governance of security during the migration.
-
New CodeGuru Reviewer Features Detector Library and Security Detectors for Log-Injection Flaws
Amazon CodeGuru Reviewer is a developer tool that leverages machine learning to detect security defects in code (Java and Python) and offers suggestions for code quality improvement. Recently, AWS introduced two new features for the tool, with a new Detector Library and security detectors for Log-Injection Flaws.
-
Google and GitHub Announce OpenSSF Scorecards v4 with New GitHub Actions Workflow
GitHub and Google have announced the version 4 release of the Open Source Security Foundation (OpenSSF)'s Scorecards project. Scorecards is an automated security tool that identifies risky supply chain practices in open source projects. This release includes a new Scorecards GitHub Action, new security checks, and a large increase in the number of repositories included in the foundation's weekly scans.
-
How to Foster Startup-Like Innovation in Established Companies
Startup founders expect uncertainty and failure as part of their innovation process. Leaders in established companies need to make sure that people take on risks to build the next big thing. Adding small improvements to products in a constant manner will create a compounding effect over time, and will help you build the exact thing your users are looking for.
-
AWS Re-Launches Amazon Inspector with New Architecture and Features
Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure. It was first launched in 2015, and during the recent re:Invent 2021, AWS re-launched it with a brand new architecture and a host of new features such as support for container-based workloads and integration with Amazon EventBridge and Security Hub.
-
Microsoft Releases Azure AD My App and New Risk Detections for Identity Protection into GA
Microsoft recently released a few new Azure Active Directory (AD) features, namely My Apps "collections" and new "risk detections" capabilities, into general availability (GA). With these features, the company intends to simplify identity and access management while also enhancing customization and controls.
-
Microsoft Releases Azure Attestation into General Availability
Microsoft recently announced the general availability of Azure Attestation, a unified solution for remotely verifying the trustworthiness of a platform and the integrity of the binaries running inside it.
-
Airbnb: Using Guardrails to Identify Changes with Negative Impact across Teams
Airbnb rolled out an internal Experiment Guardrails system to identify potentially negative impacts of changes across different teams. Whenever a proposed change does not pass any of the guardrails, it is escalated for further analysis by affected teams and stakeholders, explains Airbnb data scientist Tatiana Xifara.
-
CNCF Funds a Bug Bounty Program for Kubernetes
The Kubernetes Product Security Committee has launched a new bug bounty program, funded by the Cloud Native Computing Foundation (CNCF), to reward security researchers for finding vulnerabilities in the Kubernetes codebase, as well as in its build and release processes, with bounties ranging from $100 to $10,000.
-
Jenkins Creator Launches ML Startup in Continuous Risk-Based Testing
Jenkins creator Kohsuke Kawaguchi has started Launchable, a startup using machine learning to identify risk-based tests. Testing thought leader Wayne Ariola also writes about the need for a continuous testing approach, where targeted risk-based tests help provide confidence for continuous delivery.
-
GitHub to Integrate Semmle Code Analysis for Continuous Vulnerability Detection
With the acquisition of the startup Semmle, GitHub aims to make continuous vulnerability detection part of its continuous integration/continuous deployment service.
-
DOES London: Mark Schwartz on War & Peace & IT
Mark Schwartz, former CIO and self-described iconoclast, spoke recently at DevOps Enterprise Summit London. Schwartz is the author of three books published by IT Revolution: ‘The Art of Business’, ‘A Seat at the Table’ and ‘War & Peace & IT,’ and is currently an enterprise strategist at Amazon Web Services.