Security Content on InfoQ
-
Comparison of Intrusion Tolerant System Architectures
In this IEEE article, authors Quyen L. Nguyen and Arun Sood discuss three types of intrusion tolerant system (ITS) architectures and their efficiency for intrusion tolerance and survivability. For the ITS architectures, they propose a taxonomy with four categories: detection triggered, algorithm driven, recovery based, and hybrid.
-
Virtual Panel: Security Considerations in Accessing NoSQL Databases
NoSQL databases offer alternative data storage options for storing unstructured data compared to traditional relational databases. Though NoSQL databases have been getting a lot of attention lately, the security aspects of storing and accessing NoSQL data haven't been given much emphasis. This article focuses on the security considerations and best practices in accessing NoSQL databases.
-
Developer-Driven Threat Modeling
Threat modeling is critical for assessing and mitigating the security risks in software systems. In this IEEE article, author Danny Dhillon discusses a developer-driven threat modeling approach that identifies threats using dataflow diagrams.
-
Mobile Attacks and Defense
In this IEEE article, author Charlie Miller talks about mobile security vulnerabilities. He explains how smartphones are becoming targets of attackers and discusses the security models of two smartphone operating systems: Apple's iOS and Google's Android. Attackers can get remote code running on a mobile device in two ways: mobile malware and drive-by downloads.
-
Agile is at a crossroads: Scale or fail?
Risk management is the hottest topic in IT. Processes for effective risk management and investment decision making will allow Agile techniques to scale beyond projects to the enterprise. Without them, Agile will be confined to the ghetto of development. In this article, Chris and Olav present some tools and techniques to identify and manage risks on Agile projects.
-
Resilient Security Architecture
In this IEEE article, author John Diamant talks about how to improve the security quality of software applications using a proactive approach, with techniques such as security requirements gap analysis and architectural threat analysis applied in the early phases of the software development life cycle.
-
Architecting a Cloud-Scale Identity Fabric
In this IEEE article, author Eric Olden discusses an identity fabric that links multiple applications to a single identity, both to manage the volume of user identities that network administrators must secure and to enable full-scale cloud adoption.
-
Interview and Book Excerpt: CERT Resilience Management Model
The CERT Resilience Management Model (CERT-RMM), developed at the Software Engineering Institute (SEI), defines the processes for managing operational resilience in complex, risk-evolving environments. InfoQ spoke with Rich Caralli, Technical Manager of the CERT Resilient Enterprise Management Team, about the RMM framework and the book he co-authored.
-
A Process for Managing Risks in Distributed Teams
In this IEEE article, John Stouby Persson and Lars Mathiassen discuss a process for managing the risks associated with distributed software projects. The process includes identifying and analyzing distributed-team risks in the areas of task distribution, geographical and cultural distribution, stakeholder relations, and communication infrastructure.
-
Threat Modeling Express
In this article, authors Rohit Sethi and Sahba Kazerooni discuss an agile threat modeling approach called "Threat Modeling Express" that can be used to collaboratively define threats and countermeasures based on business priorities.
-
Cloud Computing Roundtable
In this IEEE panel discussion article, guest editors Ivan Arce and Anup Ghosh facilitate a discussion on cloud computing security risks. The panelists are Eric Grosse (Google Security), John Howie (Microsoft), James Ransome (Cisco), Jim Reavis (Cloud Security Alliance), and Stephen Schmidt (Amazon Web Services).
-
Application Security With Apache Shiro
Apache Shiro is a Java security framework that provides a simple but powerful approach to application security. This article introduces the framework and explains Apache Shiro's project goals and architectural philosophies, and how you might use Shiro to secure your own applications.