Risk Management Content on InfoQ
-
Securing Java Applications in the Age of Log4Shell
Simon Maple looks at how one can be more proactive and defensive in decisions for future Log4Shell-like scenarios, considering, identifying and reducing the risk introduced into applications.
-
Depending on Whether I Had Coffee or Not, Your Application May Be High Risk
Shannon Morrison and Scott Behrens discuss how to perform application risk analysis at scale.
-
Making Npm Install Safe
Kate Sills discusses how to minimize the risks of running third-party JavaScript.
-
Quantifying Risk
Markus De Shon talks about the Netflix risk quantification that they introduced in their highest impact areas, and are gradually expanding across the enterprise.
-
Risk Profiling
Jaume Jornet talks about why eDreams ODIGEO does Risk Profiling for product teams, how to introduce Risk Profiling in organizations, and how it helps to move the company to the highest maturity levels.
-
Developers as a Malware Distribution Vehicle
Guy Podjarny discusses risk management with examples from role models inside and outside of tech. Podjarny explains cognitive biases and how good security constraints can actually help move faster.
-
Liquidity Modeling in Real Estate Using Survival Analysis
Xinlu Huang and David Lundgren discuss hazard and survival modeling, metrics, and data censoring, describing how Opendoor uses these models to estimate holding times for homes and mitigate risk.
-
Building Secure Player Experiences at Riot Games
David Rook talks about the Riot Games Application Security program. He focusses on the tech and social aspects of the program and why he feels both are important when it comes to writing secure code.
-
Build the Right Thing - De-risk Your Products with Experiments
Andrea Darabos discusses how to lower the startup risk with Minimum Viable Experiments which help product managers and investors build with more confidence and avoid costly mistakes.
-
Is your profiler speaking the same language as you?
This talk covers the classic profiler features. What is a hotspot? What is the difference between sampling and instrumentation from the profiler perspective? What are the problems with those methods?
-
Weaving Security into the SDLC
Bill Sempf discusses security in the context of the SDLC, presenting the analysis results from reviewing several code sources, the problems found and the corresponding solutions.
-
Release Testing Is Risk Management Theatre
Steve Smith discusses why Release Testing is an anti-pattern, and offers an alternative risk reduction strategy.