Security Content on InfoQ
-
From a Project to a Product Approach Using LeSS at Agfa Healthcare
By changing its inner workings from a project perspective to a product perspective, Agfa Healthcare established a less complicated process using a single backlog for the entire organisation. The main advice is to avoid setting up silos where they do not belong. When applying LeSS it is important to stick to its basic rules, even though in most organisations they are very disruptive.
-
Probabilistic Project Planning Using Little’s Law
When working on projects, it is usually necessary to forecast the project delivery time up front. Little’s Law can help any team that uses user stories for planning and tracking project execution, no matter what development process it uses. We use a project buffer to manage the inherent uncertainty associated with planning and executing a fixed-bid project and to protect its delivery date.
-
High Tech, High Sec.: Security Concerns in Graph Databases
Graph NoSQL databases support data models built on connected data and relationships. In this article, the author discusses the security implications of graph database technology and the privacy and security concerns in use cases such as graph discovery, knowledge management, and prediction.
-
Sourcing Security Superheroes: Part 1: Battling Retention and Recruitment
In this three-part series, Monzy Merza will discuss the challenges within organizations to retain and develop top cybersecurity talent, and outline the organizational steps companies can take to keep talent in-house.
-
Hologram - Finally, AWS Key Distribution that Makes Sense
Faced with the lack of solutions for secure distribution of AWS access keys to developers, AdRoll decided to build their own open source Hologram, a system that brings Amazon's Instance Profile mechanism to developer workstations. Adair details the process, tool design and main features.
-
Beyond Blacklisting: Cyberdefense in the Era of Advanced Persistent Threats
In this article, the authors discuss the security vulnerabilities in software applications and the advantages of a whitelisting approach over blacklisting. They also talk about how to implement whitelisting security policies and the cost involved.
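The contrast the article draws can be made concrete with a small hash-based execution policy. The following Python is an added illustration, not code from the article or from any product it describes; the "binaries" are constructed byte strings standing in for real executables, and the list contents are assumptions. It shows the two failure modes a practitioner weighs: a denylist lets a never-seen implant run, while an allowlist blocks it but also blocks a legitimate, not-yet-approved update (the operational cost the article mentions).

```python
import hashlib

# Constructed sample "binaries" (not real executables): name -> file contents.
SAMPLE_BINARIES = {
    "editor.exe": b"MZ editor build 1.0",
    "browser.exe": b"MZ browser build 42",
    "known_malware.exe": b"MZ known bad sample",
    "novel_implant.exe": b"MZ never-seen-before implant",   # APT tooling no signature exists for
    "editor_patched.exe": b"MZ editor build 1.1",           # legitimate update, not yet approved
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Blacklist: hashes of malware already known to us (assumed contents).
DENYLIST = {sha256(SAMPLE_BINARIES["known_malware.exe"])}

# Whitelist: hashes of the builds we explicitly approved (assumed contents).
ALLOWLIST = {
    sha256(SAMPLE_BINARIES["editor.exe"]),
    sha256(SAMPLE_BINARIES["browser.exe"]),
}


def denylist_permits(data: bytes) -> bool:
    """Blacklist policy: anything not known bad is allowed to run."""
    return sha256(data) not in DENYLIST


def allowlist_permits(data: bytes) -> bool:
    """Whitelist policy: only explicitly approved builds are allowed to run."""
    return sha256(data) in ALLOWLIST


def evaluate(policy) -> dict:
    """Apply one policy to every sample binary; True means 'may execute'."""
    return {name: policy(data) for name, data in SAMPLE_BINARIES.items()}


def compare_policies() -> dict:
    """Verdicts of both policies side by side, keyed by policy name."""
    return {
        "denylist": evaluate(denylist_permits),
        "allowlist": evaluate(allowlist_permits),
    }


if __name__ == "__main__":
    for policy_name, verdicts in compare_policies().items():
        print(policy_name)
        for binary, permitted in verdicts.items():
            print(f"  {binary:22} {'RUN' if permitted else 'BLOCK'}")
```

The denylist verdict for `novel_implant.exe` is the gap an advanced persistent threat exploits; the allowlist verdict for `editor_patched.exe` is the maintenance burden that makes whitelisting cost something, since every approved update has to be hashed and added before it can run.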
-
Q&A on Conscious Agility
The book Conscious Agility (Conscious Capitalism + Business Agility = Antifragility) by Si Alhir, Brad Barton and Mark Ferraro describes a design-thinking approach for businesses to benefit from uncertainty, disorder, and the unknown. An interview about conscious agility and antifragility, increasing business agility, dealing with uncertainty, and the three phases of a conscious agility initiative.
-
How to Start With Security
Computer security, or the lack thereof, has made many headlines recently. In this article we'll look at how bad things are and what you, as a software developer, can do about it. It will help get you started or hopefully give you some new ideas if you're already doing some security work.
-
Cloud Security Auditing: Challenges and Emerging Approaches
Security audits are an important part of IT security programs. In this article, the authors highlight the challenges that cloud computing business models pose for auditing, based on interviews with cloud security auditors. They discuss challenges in the areas of transparency, encryption and colocation, and propose domain-tailored audits as the ideal solution for the new model.
-
Employing Enterprise Architecture for Applications Assurance
In this article, the authors discuss how enterprise, software, and security architects can improve software assurance by using the enterprise architecture to promulgate software security controls. They also cover other components of the security model: threat modeling, attack trees, secure design patterns, and misuse cases.
-
Evo: The Agile Value Delivery Process, Where ‘Done’ Means Real Value Delivered; Not Code
Current agile practices are far too narrowly focused on delivering code to users and customers. There is no systems-wide view of other stakeholders, of databases, or of anything else except the code. This article describes what ‘Evo’ is at its core, how it differs from other Agile practices, and why ‘done’ should mean ‘value delivered to stakeholders’.
-
Getting RID of Risk with Agile
One of the largest areas of waste in development is poorly formed requirements. This post presents a very simple technique that can be applied to all user stories to improve quality and reduce waste, and examines how it fits into your current planning and estimation workflow via the underused ‘definition of ready’. It is a very actionable concept that you can apply immediately.