BT

InfoQ Homepage Security Assessment Content on InfoQ

News

RSS Feed
  • Simplifying Blockchain Security Using Hyperledger Ursa

    In a recent blog post, the Hyperledger project announced that their latest project, Hyperledger Ursa, has been accepted by the Technical Steering Committee (TSC). Ursa’s primary objective is to simplify and consolidate cryptographic libraries in a trusted, consumable manner for use in distributed ledger technology projects in an interoperable way.

  • DevSecOps Grows Up and Finds Itself a Community

    On June 28th, the first DevSecOps Days event came to London following a similar event in San Francisco in April. It kicked off with a welcome address from event founders, Mark Miller and John Willis, who explained that the intention is to replicate the DevOpsDays model and empower communities worldwide to stand up their own events.

  • Docker Security Benchmark

    Docker Inc have worked with the Center for Internet Security (CIS) to produce a benchmark document containing numerous recommendations for the security of Docker deployments. The benchmark was announced in a blog post ‘Understanding Docker Security and Best Practices’ by Diogo Mónica who was recently hired along with Nathan McCauley to lead the Docker Security team.

  • Node Security Project Aims at Making Node.js More Secure

    Node Security Project has been quietly working at improving Node.js security for a few months now. The project has the goal of auditing Node.js existing module base to help "improve Node landscape and provide confidence to developers and enterprises about the state of security in Node.js land."

  • Continuous Security Testing With Gauntlt

    James Wickett, from Gauntlt core team, gave a tutorial at Velocity Conf London about integrating security testing in the continuous integration cycle for early feedback on application security level. James stressed the importance of regularly checking for security as release delivery rates increase with continuous delivery.

  • Applying Security by Design with the CMMI for Development

    To enable development of secure products, processes covering the software development life cycle have to include security activities. Winfried Russwurm from Siemens and Peter Panholzer from Limes Security facilitated a workshop at the SEPG Europe 2013 conference where they explored security activities and presented the Application Guide for Improving Processes for Secure Products.

  • S is for Security

    Frank Breedijk, security officer at Schuberg Philis, talks about the friction points between security and DevOps and how to collaborate to avoid them. Examples include automating security tests and environments, reducing scope of security audits to relevant system components only or allowing security fixes to jump the queue of changes to production.

  • DevOps Days Amsterdam Day 1 Focused on Continuous Delivery and DevOps Culture

    The first day of DevOps Days Amsterdam had its focus split between continuous delivery and promoting a DevOps culture. Talks focused on how to automate the deployment pipeline but also system recovery in case of failure. On the culture side leveraging distinct personality types to successfully introduce changes and the positive impact of strong company culture on hiring were some of the takeaways.

  • IEEE’s Hans Karlsson Standards Award 2012 for Paul R. Croll

    IEEE announced that the Hans Karlsson Standard Award 2012 has been given to Paul R. Croll for dedicated leadership of the IEEE Systems and Software Engineering Standards Committee, and for his diplomacy and collaboration in facilitating the development of a collection of high-quality standards.

  • Security Assessment Techniques: Code Review v Pen Testing

    Web application security testing and assessment should include both security code review and penetration testing techniques. Dave Wichers, an OWASP Board Member, spoke at the recent AppSec DC 2010 Conference about the pros and cons of code reviews and penetration testing approaches in finding security vulnerabilities in web applications.

BT

Is your profile up-to-date? Please take a moment to review and update.

Note: If updating/changing your email, a validation request will be sent

Company name:
Company role:
Company size:
Country/Zone:
State/Province/Region:
You will be sent an email to validate the new email address. This pop-up will close itself in a few moments.