Security Content on InfoQ
-
Security Implications of Permission Models in Smart-Home Application Frameworks
This article presents an analysis of a popular smart-home programming framework, SmartThings, which reveals that many smart-home apps are automatically overprivileged, leaving users at risk for remote attacks that can cause physical, financial, and psychological harm.
-
A Roadmap to the Programmable World
The emergence of millions of remotely programmable devices in our surroundings will pose significant challenges for software developers. This article proposes a roadmap from today’s cloud-centric, data-centric Internet of Things systems to the Programmable World and highlights those challenges that haven’t received enough attention yet.
-
Philipp Jovanovic on NORX, IoT Security and Blockchain
In this interview, originally published on InfoQ France, Mathieu Bolla talks to Philipp Jovanovic, a Cryptographer at EPFL, about NORX, IoT Security and keeping yourself safe on-line, and Blockchain.
-
Taking an Application-Oriented Approach to Cloud Adoption
Taking an infrastructure-centric approach to cloud adoption can lead to unrealized benefits. Architect Amit Kumar outlines eleven principles to consider when introducing cloud services into your architecture.
-
Serverless Takes DevOps to the Next Level
Serverless doesn’t only supplement DevOps, but it goes beyond the current thinking on how IT organisations can achieve greater business agility. It’s geared towards the rapid delivery of business value and continuous improvement and learning, and as such has clear potential to drive substantial cultural change, even in organisations that have adopted DevOps culture and practices already.
-
A Security Approach for a Cloudy World: An Interview with Pete Cheslock
Does your approach to application and data center security change when adopting cloud services? To learn more about this topic, InfoQ reached out to Pete Cheslock, head of operations and support teams at Threat Stack.
-
Q&A with Immuta on the Implications of EU’s General Data Protection Regulation (GDPR)
InfoQ talked with Immuta’s Andrew Burt and Steve Touw to better understand the implications and challenges of the EU's General Data Protection Regulation, which will come into effect in May 2018.
-
Q&A on The Antifragility Edge: Antifragility in Practice
In the book The Antifragility Edge, Sinan Si Alhir shows how antifragility has been applied to help organizations evolve and thrive. He provides examples of how antifragility can be used beyond agility on an individual, collective (team and community) and enterprise level, and explores a roadmap for businesses to achieve greater antifragility.
-
Five Lessons Security Can Learn from DevOps
Just as DevOps emerged to meet new business needs, new approaches in security are now needed to address the challenges of a DevOps-driven world. These new security approaches themselves must incorporate DevOps practices that rely on modularity, automation, standardization, auditability, and mirrored systems.
-
Ways to Make Code Reviews More Effective
Performing Code Reviews helps to increase code quality, share knowledge and responsibility, and build better software and a better team. However, the big question remains – what is it we should be looking for? There are a lot of different things to consider. This article will list a wide range of items to check, and drill a little deeper into two specific areas: performance and security.
-
Book Review: Site Reliability Engineering - How Google Runs Production Systems
"Site Reliability Engineering - How Google Runs Production Systems" is an open window into Google's experience and expertise on running some of the largest IT systems in the world. The book describes the principles that underpin the Site Reliability Engineering discipline. It also details the key practices that allow Google to grow at breakneck speed without sacrificing performance or reliability.
-
Adaptable or Predictable? Strive for Both – Be Predictably Adaptable!
Our efforts to improve software development face the question of what to focus on. Should we govern for predictability without concern for value, maximizing cost-efficiency without concern for end-to-end responsiveness? Or maybe do the opposite and govern for value over predictability, focusing on responsiveness over cost efficiency? What we really need is to be predictably adaptable.