Security Content on InfoQ

  • Commitment – Writing a Graphic Novel explaining Real Options

    Building on their work on Real Options, Chris Matts and Olav Maassen are writing a graphic novel to explain the concepts and share their knowledge in the area. They discussed the novel, the process of producing it and the crowdsourcing model of funding with Shane Hastie from InfoQ. A sample chapter is available for InfoQ readers to download.

  • Interview and Book Review: The CERT Oracle Secure Coding Standard for Java

    "The CERT Oracle Secure Coding Standard for Java" covers the rules for secure coding using the Java programming language and its libraries, with the goal of helping Java developers eliminate insecure coding practices that can lead to vulnerable code. InfoQ spoke with the book's authors about how the security rules discussed in the book compare to other security coding frameworks.

  • 10 tips on how to prevent business value risk

    One category of risk that project teams need to ensure they address is business value failure – delivering a product that fails to provide value for the business investor. The authors provide insight into the underlying causes of business value risk and provide ten tips on how to avoid them.

  • Software Engineering Meets Services and Cloud Computing

    In this IEEE article, authors Stephen Yau and Ho An talk about application development using service-oriented architecture and cloud computing technologies. They also discuss application development challenges like security in a multi-tenant environment, quality-of-service monitoring, and mobile computing.

  • Regulatory Compliant Cloud Computing: Rethinking web application architectures for the cloud

    Not all data is sensitive, and hence an equal and balanced investment in securing all data categories is not justified. This article presents an architecture that leverages cloud computing, cloud storage and Enterprise Key Management Infrastructure (EKMI) to lower costs while complying with data-security regulations.

  • Introduction to Cloud Security Architecture from a Cloud Consumer's Perspective

    Security concerns are the number one barrier to cloud services adoption. How do we evaluate a vendor's solution? What is an optimal security architecture? What are consumer versus provider responsibilities? What are industry standard patterns in this regard? This article answers some of these questions based on first-hand experience dealing with large-scale cloud adoption.

  • Comparison of Intrusion Tolerant System Architectures

    In this IEEE article, authors Quyen L. Nguyen and Arun Sood discuss three types of intrusion tolerant system (ITS) architectures and their efficiency for intrusion tolerance and survivability. For the ITS architectures, they propose a taxonomy with four categories: detection triggered, algorithm driven, recovery based, and hybrid.

  • Virtual Panel: Security Considerations in Accessing NoSQL Databases

    NoSQL databases offer alternative options for storing unstructured data compared to traditional relational databases. Though NoSQL databases have been getting a lot of attention lately, the security aspects of storing and accessing NoSQL data haven't been given much emphasis. This article focuses on the security considerations and best practices in accessing NoSQL databases.

  • Developer-Driven Threat Modeling

    Threat modeling is critical for assessing and mitigating the security risks in software systems. In this IEEE article, author Danny Dhillon discusses a developer-driven threat modeling approach to identify threats using dataflow diagrams.

  • Mobile Attacks and Defense

    In this IEEE article, author Charlie Miller talks about mobile security vulnerabilities. He explains how smartphones are becoming targets of attackers and discusses the security models of two smartphone operating systems: Apple's iOS and Google's Android. Attackers can get remote code to run on a mobile device in two ways: mobile malware and drive-by downloads.

  • Agile is at a crossroad: Scale or fail?

    Risk management is the hottest topic in IT. Processes for effective risk management and investment decision making will allow Agile techniques to scale beyond projects to the enterprise. Without them, Agile will be confined to the ghetto of development. In this article Chris and Olav present some tools and techniques to identify and manage risks on Agile projects.

  • Resilient Security Architecture

    In this IEEE article, author John Diamant talks about how to improve the security quality of software applications using a proactive approach, with techniques like security requirements gap analysis and architectural threat analysis in the early phases of the software development life cycle.
