Security Content on InfoQ
-
Securing Cell-Based Architecture in Modern Applications
Securing cell-based architecture is essential to fully capitalize on its benefits while minimizing risks. To achieve this, comprehensive security measures must be put in place. Organizations can start by isolating and containing cells using sandbox environments and strict access control mechanisms like role-based and attribute-based access control.
-
Optimizing Wellhub Autocomplete Service Latency: a Multi-Region Architecture
Every company wants fast, reliable, and low-latency services. Achieving these goals requires significant investment and effort. In this article, I will share how Wellhub invested in a multi-region architecture to achieve a low-latency autocomplete service.
-
Proactive Approaches to Securing Linux Systems and Engineering Applications
Maintaining a strong security posture is challenging, especially with Linux. An effective approach is proactive and includes patch management, optimized resource allocation, and effective alerting.
-
InfoQ AI, ML and Data Engineering Trends Report - September 2024
InfoQ editorial staff and friends of InfoQ are discussing the current trends in the domain of AI, ML and Data Engineering as part of the process of creating our annual trends report.
-
Efficient DevSecOps Workflows with a Little Help from AI
Michael Friedrich is exploring how teams face varying levels of inefficiency in their DevSecOps processes, hindering progress and innovation. He highlights common issues like excessive debugging time and inefficient workflows, while also demonstrating how Artificial Intelligence (AI) can be a powerful tool to streamline these processes and boost efficiency.
-
WebAssembly, the Safer Alternative to Integrating Native Code in Java
Developers typically choose between porting the code or dynamic linking to run native code on the JVM. This article examines these approaches, using SQLite as an example, and introduces a third option: Chicory Wasm runtime. This alternative combines the advantages of traditional methods while addressing their limitations, potentially offering a more secure solution to integrate native code.
-
Delivering Software Securely: Techniques for Building a Resilient and Secure Code Pipeline
Your CI/CD pipeline can potentially expose sensitive information. Project teams often overlook the importance of securing their pipelines. This article covers approaches and techniques for securing your pipelines.
-
Zero-Knowledge Proofs for the Layman
This article will introduce you to zero-knowledge proofs, a kind of cryptography you can use to prove that you know a secret, such as a private key or the solution to a problem, without ever sharing it with an interested party. While many articles exist on the topic, this one will not require any advanced math knowledge.
-
From Compliance-First to Risk-First: Why Companies Need a Culture Shift
Transitioning from a "Compliance-First" approach to a "Risk-First" mindset recognizes that compliance should not be viewed in isolation, but as a component of a broader risk management strategy.
-
How to Work with Your Auditors to Influence a Better Audit Experience
It is possible to influence a better audit experience, transforming it from a check-the-box exercise with little perceived value to one of true value that helps set you up for success, and with way less pain. This article explores how to experiment with adding agility into audit work while auditing a client, which can lead to better outcomes for you and your auditors.
-
Dealing with Java CVEs: Discovery, Detection, Analysis, and Resolution
This article delves into the importance of integrating Software Composition Analysis (SCA) in CI/CD pipelines for security. It highlights the need for human oversight to accurately assess vulnerability impact and cautions against "alert fatigue." The article also recommends specialized tools for effective vulnerability management.
-
Debugging Production: eBPF Chaos
This article shares insights into learning eBPF as a new cloud-native technology which aims to improve Observability and Security workflows. You’ll learn how chaos engineering can help, and get an insight into eBPF-based observability and security use cases. Breaking them in a professional way also inspires new ideas for chaos engineering itself.