InfoQ Homepage Security Content on InfoQ
-
GitLab Introduces Advanced Vulnerability Tracking to Tackle Code Volatility and Double Reporting
GitLab has introduced a new feature that addresses two significant challenges in vulnerability management: code volatility and double reporting. Code volatility refers to the frequent changes in codebases that can reintroduce previously resolved vulnerabilities, while double reporting occurs when multiple security tools identify the same vulnerability.
-
Google Cloud Introduces Quantum-Safe Digital Signatures in Cloud KMS to Future-Proof Data Security
Google has introduced quantum-safe digital signatures in its Cloud Key Management Service, adhering to NIST post-quantum cryptography standards. This vital update counters the imminent threats of quantum computing on traditional encryption methods, enabling organizations to integrate resilient, future-proof security measures seamlessly.
-
Ensuring Security without Harming Software Development Productivity
Security can be at odds with a fast and efficient development process. At QCon San Francisco Dorota Parad presented how to create a foundation for security without negatively impacting engineering productivity. She showed how you can make your security strategy almost invisible to the engineers while embedding it deep into the culture at the same time.
-
AWS Launches Trust Center: a Centralized Resource for Security and Compliance Information
AWS Trust Center is a comprehensive online resource that enhances cloud security transparency. It details AWS's security practices, compliance protocols, and data protection controls, making it easier for customers to understand and manage their cloud security. This centralized hub provides real-time service status, security bulletins and essential resources, improving client trust & confidence.
-
Most Companies Experience Weekly Outages: The State of Resilience 2025 Report
According to The State of Resilience 2025 Report, published by Cockroach Labs, outages are commonplace in most organizations, with 55% of companies reporting weekly and 14% reporting daily outages. Staggering 100% of survey participants experienced revenue losses due to outages, with some companies (8%) reporting losses of USD $1 million or higher over the last 12 months.
-
Build Resilient Systems with Insights on AI, Multi-Cloud, Leadership & Security at QCon London 2025
From AI and ML to cloud, leadership, and modern data strategies, QCon London 2025, April 7-10, features 15 tracks of insights from 125+ senior practitioners. Discover practical solutions to scaling architectures, enhancing productivity, securing supply chains, and integrating cutting-edge technologies - all through real-world examples and actionable takeaways.
-
OpenAI Presents Research on Inference-Time Compute to Better AI Security
OpenAI presented Trading Inference-Time Compute for Adversarial Robustness, a research paper that investigates the relationship between inference-time compute and the robustness of AI models against adversarial attacks.
-
Microsoft Launches Azure Confidential VMs with NVIDIA Tensor Core GPUs for Enhanced Secure Workloads
Microsoft's Azure has launched the NCC H100 v5 virtual machines, now equipped with NVIDIA Tensor Core GPUs, enhancing secure computing for high-performance workloads. These VMs leverage AMD EPYC processors for robust data protection, making them ideal for tasks like AI model training and inferencing, while ensuring a trusted execution environment for sensitive applications.
-
JFrog Integrates Runtime Security for Enhanced DevSecOps Platform
JFrog has introduced JFrog Runtime to its suite of security capabilities, adding real-time vulnerability detection to its software supply chain platform. This update is aimed at developers and DevSecOps teams working with Kubernetes clusters and cloud-native applications.
-
Elastic and Google Cloud Collaborate for Enhanced Security Analytics
Recently, Elastic and Google Cloud discussed their partnership to deliver a comprehensive security solution. This collaboration merges the Elastic Search AI Platform with Google Cloud's scalable and secure infrastructure, establishing a security platform designed to safeguard hybrid workloads.
-
AWS Introduces Logically Air-Gapped Vault for Enhanced Data Security
AWS recently announced the public preview of AWS Backup logically air-gapped vault, a new type of vault that can be shared for recovery with other accounts using AWS Resource Access Manager (RAM).
-
GhostWrite Vulnerability in C910 and C920 RISC-V CPUs
CISPA security researchers have discovered a vulnerability they’ve called ‘GhostWrite’ that’s caused by a hardware bug in T-Head’s XuanTie C910 and C920 RISC-V CPUs. Vector extensions that are supposed to provide translation of virtual memory addresses to physical addresses don’t work, meaning that an attacker can gain access to the contents of memory and any attached devices.
-
AWS Launches Open-Source Agent for AWS Secrets Manager
Amazon Web Services (AWS) has launched a new open-source agent for AWS Secrets Manager. According to the company, this agent simplifies the process of retrieving secrets from AWS Secrets Manager, enabling secure and streamlined application access.
-
Microsoft Entra Suite Now Generally Available: Identity and Security Based Upon Zero-Trust Models
Microsoft has announced the general availability of its Entra Suite. According to the company, the suite provides a solution that integrates identity and security, facilitating a more unified approach to security operations.
-
JEP 472: Prepare to Restrict the Use of JNI in JDK 24
JEP 472, now Proposed to Target, aims to issue warnings for using the Java Native Interface (JNI) and adjust the Foreign Function & Memory (FFM) API for consistent warnings. This prepares developers for future releases that restrict JNI and the FFM API to ensure integrity by default.