Security Content on InfoQ
-
Aaron Bedra on Security Testing as Software Engineering
Aaron Bedra talks about property-based testing, a BDD-inspired security framework, and how security teams should include developers and be part of the development lifecycle.
-
Interview with Gil Tene on Hardware Transactional Memory
Gil Tene speaks to Alex Blewitt at QCon London 2016 on the upcoming support for hardware transactional memory in server-class Intel chips, and what it will mean for the JVM. Tene discusses what kinds of applications will benefit from speculative lock elision and increasing concurrency in the near future on multi-core server platforms.
-
Adam Wick on Security, Formal Methods, Types, Unikernels, HaLVM, DRM
Adam Wick talks about software security; research into formal methods and randomisation, as well as documentation and types, to help write secure software; HaLVM and other unikernels; and DRM.
-
Paul Fremantle on Security in Internet of Things
The Internet of Things is becoming a part of our lives right now: we are measuring health, we are connecting to our cars, we can open our front door while being half-way around the globe. And while we can benefit from all the sensors and actors around us, there is also a big risk of losing control and data. Paul Fremantle shares some knowledge on potential threats and what we can do about them.
-
Jacob Fahrenkrug on Building a Secure Platform for the Smart Home
The Internet of Things is just around the corner and it will massively impact our lives. Most of the devices in our homes will become connected and collect data or react to certain events. Currently it is still uncertain how personal data can be protected and leveraged for crowd sourcing and swarm intelligence at the same time. Jacob is sharing the ideas that his company Yetu has to clarify this
-
Todd Montgomery on Protocol Design, Security, Formal Verification Tools
Todd Montgomery explains protocol design, the advantages of binary over text protocols, formal verification tools and methods, and much more.
-
Software Security, Agile & Protection Poker with Laurie Williams & Catherine Louis
Laurie and Catherine share a Planning Poker-type practice called Protection Poker that leverages a diversity of ideas, experience, and knowledge related to software security. Protection Poker provides a collaborative, interactive, and informal structure for abuse case development and threat modeling leading to a software security risk estimate and security risk reduction.
-
Tim Lister on Risk, Arbitration and Changing Realities of Software Development
Tim Lister, co-author of Peopleware and Waltzing with Bears, among other books, talks about his experiences arbitrating disputes in systems development, the importance of risk management and how the IT industry is changing with distributed teams.
-
Robert Benefield on Business and Operations Collaboration
Robert Benefield explains the importance of business and operations understanding each other better and how they can kickstart that understanding through collaboration. He talks about the need to find meaningful metrics for business. He discusses how methodologies for operations (ITIL, COBIT) and development (Scrum, Kanban) differ and what can be learned from both.
-
Web Security with Aaron Bedra
Aaron Bedra talks about web security and issues that affect e-commerce and online payments services.
-
Tim Lister on 40 Years of Playing Well with Others
Tim Lister talks about his keynote at the Agile 2013 conference, reflecting on his 40 years in the software industry, the new release of the book Peopleware, risk management in software projects and how teams form.
-
Content Security Policy with Mike West
The Content Security Policy specification is a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). Content Security Policy is a declarative policy that lets web developers inform the client about the sources from which the application expects to load resources.