One of the largest areas of waste in development are poorly formed requirements. This post presents a very simple technique that can be applied to all user stories to improve quality and reduce waste, as well as examining how this can fit into your current planning and estimation workflow via the underused ‘definition of ready’. It’s a very actionable concept that you can apply immediately.
In this article, author discusses three techniques to defend against malicious users in software systems. These techniques includes creating personas to think strategically about the mischief a malicious user might attempt, misuse cases used to determine how the software should respond to unintended use, and activity diagrams annotated with security concerns.
Product risk analysis (PRA) can be done during the various phases of sequential or agile system development. This article shows how to apply PRA to elevate it from project level to domain level.
This article discusses “human experience” testing and uses concepts from human computer interaction design theory to establish a framework for developing “human experience” test scenarios.
Chris Haddad explains in this article what Shadow IT is, what role it plays in the enterprise and why Enterprise IT needs to embrace it, adapt and address Shadow IT requirements, autonomy, and goals.
The Incremental Commitment Spiral Model: Principles and Practices for Successful Systems and Software describes a process model generator. InfoQ interviewed the authors Barry Boehm and Richard Turner.
This InfoQ article series focuses on automation tools and ideas for maintaining dynamic pools of compute resources.
Security. Cloud. Two words that are almost always together but rarely happily. Learn why that isn’t the case and what you need to known about securing your critical infrastructure in the cloud. 3
Mobile operations management is one of the top priorities of modern enterprise and after establishing solutions for device management, the next challenge is to manage and secure mobile business data.
Approximately 60% of all computers sold worldwide today are portable, making them an easy target for criminals. How can your personal data be protected? With one word - encryption! 2
With the news stories of possible data breaches at enterprises like Target, and companies migrating to cloud environments, CIOs have been asking hard questions about cloud security. 2
In this article, authors discuss the role of big data and Hadoop in security analytics space and how to use MapReduce to process data for security analysis.
CONTENT IN THIS BOX
PROVIDED BY OUR SPONSOR
Increase security on compromised platforms with Intel® SGX.
An Intel technology for application developers who are seeking to protect select code and data from disclosure or modification.
A Developer’s Perspective.
Developers have long been constrained by the security capabilities that major platform providers have exposed for application development. How Bromium and wolfSSL employ Intel® SGX to create more secure, next-generation solutions.
Learn more about the Intel SGX SDK, a collection of APIs, libraries, documentation, sample source code, and tools that allows software developers to create and debug Intel SGX enabled applications in C/C++.
Protect Application Code, Data, & Secrets from Attack.
Developers can partition their application into CPU hardened “enclaves” or protected areas of execution that increase security even on compromised platforms.
Intel Software Guard Extensions (SGX) for Dummies.
At its root, Intel® SGX is a set of new CPU instructions that can be used by applications to set aside private regions of code and data.