Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Unlock the full InfoQ experience

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources.

Don't have an InfoQ account?

Stay updated on topics and peers that matter to youReceive instant alerts on the latest insights and trends.
Quickly access free resources for continuous learningMinibooks, videos with transcripts, and training materials.
Save articles and read at anytimeBookmark articles to read whenever youre ready.

Logo - Back to homepage

News Articles Presentations Podcasts Guides

Topics

Development

Featured in Development

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Soroosh Khodami discusses why we aren't ready for the next Log4Shell. He shares live demos of dependency confusion and compromised builds, explaining how minor oversights gift hackers total system access. He explains the value of Software Bill of Materials (SBOM), dependency firewalls, and shifting security left to build resilient DevSecOps cultures that protect the modern software supply chain.

All in development

Architecture & Design

Featured in Architecture & Design

Panel: Taking Architecture out of the Echo Chamber

Andrew Harmel-Law and a panel of expert architects discuss the shifting practice of architecture in 2025. They explain strategies for communicating technical debt to stakeholders, the benefits of decentralized decision-making through ADRs, and the career paths of modern leaders. The panel shares insights on bridging the gap between mobile and backend teams to ensure a holistic system.

All in architecture-design

AI Infrastructure

Featured in AI, ML & Data Engineering

Directing a Swarm of Agents for Fun and Profit

Adrian Cockcroft explains the transition from cloud-native to AI-native development. He shares his "director-level" approach to managing swarms of autonomous agents using tools like Cursor and Claude Flow. Discussing real-world experiments in BDD, MCP servers, and language porting, he discusses why the future of engineering lies in building platforms that orchestrate AI-driven development.

All in ai-ml-data-eng

Culture & Methods

Featured in Culture & Methods

The Principal Engineer’s Path: Skills, Strategies, and Lessons Learned

Sophie Weston explains that technical careers are winding journeys, not straight ladders. Drawing on 30 years of experience, she shares how senior ICs can become "broken combs" by broadening skills in systems thinking and strategy. She discusses the vital role of organizational flexibility and explains how public speaking and community engagement create feedback loops for career success.

All in culture-methods

DevOps

Featured in DevOps

Securing the AI Stack: From Model to Production

This eMag explores the shift from AI experimentation to production, where legacy defenses fall short. We dive into the critical trifecta of AI-driven phishing, model poisoning, and cloud governance. By rethinking security as a lifecycle responsibility, this issue provides a roadmap for securing the machine age through layered tactics, robust MLOps, and responsible deployment frameworks.

All in devops

Events

Helpful links

Choose your language

InfoQ Architect Certification

Join Luca Mezzalira for this 5-week online cohort. Master socio-technical architecture leadership.

Register Now.

QCon AI Boston

Learn how leading engineering teams run AI in production—reliably, securely, and at scale.

Early Bird ends April 14.

QCon San Francisco

Learn what's next in AI and software, from teams already doing it.

Early Bird ends April 14.

InfoQ Homepage Security Vulnerabilities Content on InfoQ

News

RSS Feed

Newer Older

A Train-Wreck Waiting To Happen: Managed Code and the Windows Shell

The CLR has a major design flaw; each process can only have one. When you combine this with a ubiquitous process like explorer.exe, disaster can strike.

Jonathan Allen
on Dec 20, 2006
Preventing SQL Injection Attacks in .NET Applications

Back in September InfoQ reported on Michael Sutton's alarming study of SQL injection vulnerabilities. Fortunately Scott Guthrie shows us that preventing most of them in .NET is not that hard.

Jonathan Allen
on Oct 24, 2006
Study Shows That 11% of Sites Are Vulnerable to SQL Injection Attacks

In an informal study, Michael Sutton of SPI Dynamics was able to demonstrate that 80 out of 708 tested web sites were susceptible to SQL injection attacks.

Jonathan Allen
on Sep 30, 2006

Newer News

Older News

Unlock the full InfoQ experience

Don't have an InfoQ account?

Topics

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Panel: Taking Architecture out of the Echo Chamber

Directing a Swarm of Agents for Fun and Profit

The Principal Engineer’s Path: Skills, Strategies, and Lessons Learned

Securing the AI Stack: From Model to Production

Helpful links

Choose your language

News

A Train-Wreck Waiting To Happen: Managed Code and the Windows Shell

Preventing SQL Injection Attacks in .NET Applications

Study Shows That 11% of Sites Are Vulnerable to SQL Injection Attacks

Dynamic Languages Faster and Cheaper in 13-Language Claude Code Benchmark

GitHub Will Use Copilot Interaction Data from Free, Pro, and Pro+ Users to Train AI Models

QCon London 2026: Team Topologies as the ‘Infrastructure for Agency’ with AI

Anthropic Designs Three-Agent Harness Supports Long-Running Full-Stack AI Development

Panel: Taking Architecture out of the Echo Chamber

Replacing Database Sequences at Scale without Breaking 100+ Services

How to Handle Trusts and Psychological Safety When Scaling Organizations

The Principal Engineer’s Path: Skills, Strategies, and Lessons Learned

Agentic AI Patterns Reinforce Engineering Discipline

TigerFS Mounts PostgreSQL Databases as a Filesystem for Developers and AI Agents

Directing a Swarm of Agents for Fun and Profit

Optimization in Automated Driving: from Complexity to Real-Time Engineering

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

Kubernetes Autoscaling Demands New Observability Focus beyond Vendor Tooling

InfoQ Architect Certification

QCon AI Boston

QCon San Francisco

InfoQ Software Architects' Newsletter

News