BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ
Register Sign in

Unlock the full InfoQ experience

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources.

Log In
or

Don't have an InfoQ account?

Register
News Articles Presentations Podcasts Guides

Topics

Choose your language

QCon AI New York - image
QCon AI New York 2025

Go from AI demos to real engineering impact. Learn to embed LLMs, govern & scale securely.

SOLD OUT!

 InfoQ Architect Certification - image
InfoQ Architect Certification

Join Luca Mezzalira for this 5-week online cohort. Master socio-technical architecture leadership.

Save your spot.

 QCon London - image
QCon London 2026

Learn what works in AI, architecture, data, security & FinTech.

Early Bird ends Jan 13.

 QCon AI Boston - image
QCon AI Boston

Learn how leading engineering teams run AI in production—reliably, securely, and at scale.

Early Bird ends Jan 13.

InfoQ Homepage Security Content on InfoQ

Articles

RSS Feed
Newer Older

  • 10 tips on how to prevent business value risk

    One category of risk that project teams need to ensure they address is business value failure – delivering a product that fails to provide value for the business investor. The authors provide insight into the underlying causes of business value risk and provide ten tips on how to avoid them.

    Chris Matts Olav Maassen
    on Feb 07, 2012

  • Software Engineering Meets Services and Cloud Computing

    In this IEEE article, authors Stephen Yau and Ho An talk about application development using service-oriented architecture and cloud computing technologies. They also discuss application development challenges like security in a multi-tenant environment, quality-of-service monitoring, and mobile computing.

    Stephen S. Yau Ho G. An
    on Jan 04, 2012

  • Regulatory Compliant Cloud Computing: Rethinking web application architectures for the cloud

    Not all data is sensitive and hence an equal and balanced investment in securing all data categories is not justified. This article presents an architecture that leverages cloud-computing, cloud-storage and enterprise key-management Infrastructure(EKMI) to lower costs while complying to data-security regulations.

    Arshad Noor
    on Dec 16, 2011

  • Introduction to Cloud Security Architecture from a Cloud Consumer's Perspective

    Security concerns are the number one barrier to cloud services adoption. How do we evaluate a vendor's solution? What is an optimal security architecture? What are consumer versus provider responsibilities? What are industry standard patterns in this regard? This article answers some of these questions based on first hand experience dealing with large scale cloud adoption.

    Subra Kumaraswamy
    on Dec 07, 2011

  • Comparison of Intrusion Tolerant System Architectures

    In this IEEE article, authors Quyen L. Nguyen and Arun Sood discuss three types of intrusion tolerant system (ITS) architectures and their efficiency for intrusion tolerance and survivability. For the ITS architectures, they propose a taxonomy with four categories: detection triggered, algorithm driven, recovery based, and hybrid.

    Quyen L. Nguyen Arun Sood
    on Nov 25, 2011

  • Virtual Panel: Security Considerations in Accessing NoSQL Databases

    NoSQL databases offer alternative data storage options for storing unstructured data compared to traditional relational databases. Though the NoSQL databases have been getting a lot of attention lately, the security aspects of storing and accessing NoSQL data haven't been given much emphasis. This article focuses on the security considerations and best practices in accessing the NoSQL databases.

    Srini Penchikala
    on Nov 15, 2011

  • Developer-Driven Threat Modeling

    Threat modeling is critical for assessing and mitigating the security risks in software systems. In this IEEE article, author Danny Dhillon discusses a developer-driven threat modeling approach to identify threats using the dataflow diagrams.

    Danny Dhillon
    on Nov 11, 2011

  • Mobile Attacks and Defense

    In this IEEE article, author Charlie Miller talks about the mobile security vulnerabilities. He explains how smart phones are becoming targets of attackers and discusses security models of two smart phone operating systems: Apple's iOS and Google's Android. The attackers can get remote code to run on a mobile device in two ways: mobile malware and drive-by downloads.

    Charlie Miller
    on Oct 17, 2011

  • Agile is at a crossroad: Scale or fail?

    Risk management is the hottest topic in IT. Processes for effective risk management and investment decision making will allow Agile techniques to scale beyond projects to the enterprise. Without them, Agile will be confined to the ghetto of development. In this article Chris and Olav present some tools and techniques to identify and manage risks on Agile projects.

    Chris Matts Olav Maassen
    on Oct 14, 2011

  • Resilient Security Architecture

    In this IEEE article, author John Diamant talks about how to improve security quality of software applications using a proactive approach with techniques like Security requirements gap analysis and Architectural threat analysis in the early phases of software development life cycle.

    John Diamant
    on Sep 27, 2011

  • Architecting a Cloud-Scale Identity Fabric

    In this IEEE article, author Eric Olden discusses an identity fabric that links multiple applications to a single identity to manage the volume of user identities that network administrators must secure and to enable a full-scale cloud adoption.

    Eric Olden
    on Jun 29, 2011

  • Interview and Book Excerpt: CERT Resilience Management Model

    CERT Resilience Management Model (CERT-RMM), developed at Software Engineering Institute (SEI), defines the processes for managing operational resilience in complex risk-evolving environments. InfoQ spoke with Rich Caralli, Technical Manager of the CERT Resilient Enterprise Management Team, about RMM framework and the book he co-authored.

    Srini Penchikala
    on May 30, 2011
Newer Articles
Older Articles
BT