In this three-part series, Monzy Merza will discuss the challenges within organizations to retain and develop top cybersecurity talent, and outline the organizational steps companies can take to keep talent in-house.
Faced with the lack of solutions for secure distribution of AWS access keys to developers, AdRoll decided to build their own open source Hologram, a system that brings Amazon's Instance Profile mechanism to developer workstations. Adair details the process, tool design and main features.
In this article, authors discuss the security vulnerabilities in software applications and how whitelisting approach has advantages over blacklisting. They also talk about how to implement the whitelisting security policies and cost involved with it.
The book Conscious Agility (Conscious Capitalism + Business Agility = Antifragility) describes a design-thinking approach for business to benefit from uncertainty, disorder, and the unknown.
Computer security, or the lack thereof, has made many headlines recently. In this article we'll look at how bad things are and what you, as a software developer, can do about it.
Security audits are an important part of IT security programs. In this article, authors highlight the challenges in cloud computing business models, based on interviews with cloud security auditors.
In this article, authors discuss how enterprise, software, and security architects can improve software assurance by using the enterprise architecture to promulgate the software security controls.
This article describes what ‘Evo’ is at core, and how it is different from other Agile practices, and why ‘done’ should mean ‘value delivered to stakeholders’. 1
One of the largest areas of development waste are poorly formed requirements. This post presents a very simple technique that can be applied to all user stories to improve quality and reduce waste. 3
In this article, author discusses three techniques to defend against malicious users in software systems. The techniques includes creating personas, misuse cases and annotated activity diagrams.
Product risk analysis (PRA) can be done during the various phases of sequential or agile system development. This article shows how to apply PRA to elevate it from project level to domain level.
This article discusses “human experience” testing and uses concepts from human computer interaction design theory to establish a framework for developing “human experience” test scenarios.