Security Content on InfoQ
-
Integration of SABSA Security Architecture Approaches with TOGAF ADM
Security architecture has always been treated as a discipline separate from enterprise architecture, which has led to piecemeal strategies and, consequently, to increased exposure to security vulnerabilities. By integrating SABSA concepts into the TOGAF framework, architects can apply a risk-driven enterprise architecture approach that addresses security concerns derived from business requirements.
-
Security Vulnerabilities in Amazon and Eucalyptus
A recent paper published by researchers in Germany reveals multiple security vulnerabilities in the SOAP and web interfaces of Amazon Web Services (AWS) and Eucalyptus. The flaws stem from architectural choices, so they affect multiple users and the security of the cloud as a whole rather than a single tenant.
-
Ron Monzillo on Java Identity API and JSR 351
The Java Identity API provides a framework for representing and interacting with identity attributes in Java applications. Ron Monzillo, specification lead for JSR 351, the spec for this API, spoke at the JavaOne 2011 Conference last week about the JSR proposal scope, its current state and future plans for the specification.
-
Kernel.org Back After Security Breach
More than a month after Kernel.org's security breach was announced and the site was taken off-line, the Kernel.org website has been brought back on-line.
-
Mozilla Considers Blacklisting Java
The Mozilla Foundation has publicly considered disabling Java in the browser, prompted by recent research indicating that Java is the leading one of the three main vectors for security exploits in the browser.
-
U.S. Government Program Seeks Alternatives to Passwords
In an effort to find viable alternatives to the false security offered by passwords, a new U.S. government program is trying to reach consensus on standards with leaders of private industry. The National Strategy for Trusted Identities in Cyberspace (NSTIC) program was formed early in 2011 with limited funding but ambitious objectives.
-
Amazon Releases Services To Lure Enterprises to the Cloud
Amazon.com formally added three new capabilities to its cloud computing portfolio: the introduction of Direct Connect and updates to the Virtual Private Cloud (VPC) and Identity and Access Management (IAM) services. These offerings target organizations that want to build hybrid or private clouds on the Amazon Web Services platform.
-
Should the Web be Encrypted?
Last week the Electronic Frontier Foundation (EFF), in collaboration with the Tor Project, launched version 1.0 of HTTPS Everywhere, a Firefox extension that helps secure web browsing by rewriting requests to more than 1,000 websites so that they use encrypted HTTPS connections.
-
Microsoft Rejects WebGL for Security Reasons
Microsoft cites two reports analyzing security flaws in WebGL as its main reason for not endorsing the 3D graphics standard, which is actively supported by Google, Mozilla, Opera, and Apple.
-
New DMTF WorkGroup To Address Cloud Security Concerns Through Cloud Audit Standards
Security concerns remain the top inhibitor of cloud adoption, and cloud audits will alleviate some of them. DMTF has instituted the Cloud Audit Data Federation Work Group (CADFWG) to define specifications that will let organizations audit cloud-based IT resources regardless of their chosen cloud provider.
-
Security in the Software Development Lifecycle
Application security must be integrated into the software development process. Late-stage penetration testing is not sufficient, because by then it is too late and too expensive to fix mistakes. Steve Lipner from Microsoft spoke about security in the software development lifecycle during the application security seminar at the RSA Conference last week.
-
Bill Veghte on Securing the Enterprise in a Changing World
Bill Veghte from HP said that organizations need to adopt a new model for securing critical corporate infrastructure assets and information in order to support the modern business. He gave a keynote presentation at the RSA 2011 Conference on Wednesday. IT is tied more closely to the business than ever, and the new digital business model requires a new approach to managing security.
-
A Proposal for an HTTP Digital Signature Protocol and API
Bill Burke, JBoss's Chief Architect and RESTEasy project lead, last week published a proposal for a digital signature protocol over HTTP. "DSig" is rapidly gaining popularity, more than 10 years after it was designed, because of the emergence of composite applications and the need to establish trusted relationships between their clients and services.
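To make the problem such a protocol solves concrete, here is an added example (written for this page, not Bill Burke's proposal and not RESTEasy code) of signing and verifying an HTTP request at the message level, independent of the transport. The header name `X-Example-Signature`, its field layout (keyId, ts, headers, sig), the pre-shared key and the 300-second replay window are all constructed assumptions; the real proposal defines its own wire format. The signature binds the method, path, selected headers, a timestamp and a hash of the body, so a proxy or a second hop cannot alter any of them without detection:

```python
import hashlib
import hmac
import time
from typing import Dict, Optional

# Constructed example values; the header format below is an assumption made for this
# illustration and is NOT the wire format of the DSig proposal discussed on the page.
KEY_ID = "client-42"
SHARED_KEY = b"0123456789abcdef0123456789abcdef"   # constructed key shared with the service
MAX_SKEW_SECONDS = 300                              # replay window: reject older signatures
SIGNED_HEADERS = ("host", "content-type")           # headers covered by the signature
SIG_HEADER = "X-Example-Signature"


def canonical_string(method: str, path: str, headers: Dict[str, str], body: bytes, ts: int) -> bytes:
    """Byte string both sides sign: method, path, covered headers, timestamp, body digest.
    Header names are lower-cased and values stripped so harmless reformatting by an
    intermediary does not break the signature; the body is bound via its SHA-256."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    lines = [method.upper(), path]
    for name in SIGNED_HEADERS:
        lines.append(f"{name}:{lowered.get(name, '')}")
    lines.append(str(ts))
    lines.append(hashlib.sha256(body).hexdigest())
    return "\n".join(lines).encode()


def sign_request(method: str, path: str, headers: Dict[str, str], body: bytes,
                 ts: Optional[int] = None) -> Dict[str, str]:
    """Client side: return a copy of the headers with the signature header attached."""
    ts = int(time.time()) if ts is None else ts
    mac = hmac.new(SHARED_KEY, canonical_string(method, path, headers, body, ts),
                   hashlib.sha256).hexdigest()
    signed = dict(headers)
    signed[SIG_HEADER] = (f'keyId="{KEY_ID}",ts={ts},'
                          f'headers="{";".join(SIGNED_HEADERS)}",sig={mac}')
    return signed


def parse_signature_header(value: str) -> Dict[str, str]:
    """Split 'k1="v1",k2=v2,...' into a dict (values contain no commas or '=' here)."""
    fields = {}
    for part in value.split(","):
        key, _, val = part.partition("=")
        fields[key.strip()] = val.strip().strip('"')
    return fields


def verify_request(method: str, path: str, headers: Dict[str, str], body: bytes,
                   now: Optional[int] = None, keys: Optional[Dict[str, bytes]] = None) -> bool:
    """Service side: look up the key, reject stale timestamps, recompute the MAC and
    compare it in constant time. Any missing or malformed field fails closed."""
    keys = {KEY_ID: SHARED_KEY} if keys is None else keys
    now = int(time.time()) if now is None else now
    header = headers.get(SIG_HEADER)
    if header is None:
        return False
    fields = parse_signature_header(header)
    key = keys.get(fields.get("keyId", ""))
    if key is None:
        return False
    try:
        ts = int(fields["ts"])
    except (KeyError, ValueError):
        return False
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False                                  # outside the replay window
    expected = hmac.new(key, canonical_string(method, path, headers, body, ts),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, fields.get("sig", ""))


if __name__ == "__main__":
    # Constructed request: a client signs, the service verifies, then a tampered body fails.
    hdrs = {"Host": "api.example.test", "Content-Type": "application/json"}
    body = b'{"amount": 10}'
    signed = sign_request("POST", "/transfer", hdrs, body)
    print("genuine:", verify_request("POST", "/transfer", signed, body))
    print("tampered body:", verify_request("POST", "/transfer", signed, b'{"amount": 10000}'))
```

The HMAC variant needs a pre-shared secret per client; a public-key signature (RSA or ECDSA over the same canonical string) lets any party verify without holding the signing key, at the cost of the slower asymmetric operation. Whichever primitive is used, the canonicalization rules and the timestamp check are what make the scheme hold up, and both sides must agree on them exactly.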
-
Oracle Releases Hotfix for the Double.parseDouble Bug in Record Time
Oracle has released a hotfix for a recently rediscovered, decade-old bug in the Java platform: Double.parseDouble loops forever on certain inputs (the value 2.2250738585072012e-308 is the known trigger), so any server that parses untrusted numeric input could be tied up in a denial-of-service attack. The fix was issued in record time.
-
Will SSL Collapse Under its Own Weight?
Lori MacVittie from F5 Networks analyzed the US Government's adoption of the NIST SSL deployment guidelines as of January 2011. Because commercial certificate authorities now issue only 2048-bit keys, a server's capacity to process SSL handshakes is severely reduced, which invalidates the general belief that SSL is not computationally expensive.
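The expensive step is the server's RSA private-key operation during a full handshake, a modular exponentiation with a full-size exponent whose cost grows roughly with the cube of the key length; doubling the modulus from 1024 to 2048 bits therefore costs on the order of 8x per handshake in the textbook form, and about 4x once the Chinese Remainder Theorem (CRT) shortcut used by real implementations is applied. The following added example (written for this page, not F5's analysis or any TLS library's code) measures that scaling with constructed random moduli and exponents of the right sizes; they are stand-ins for real keys, which have the same operation cost:

```python
import random
import time
from statistics import median

# Added illustration: cost of the RSA private-key operation as key size grows.
# Moduli and exponents are constructed random odd numbers of the requested bit length;
# they are not real RSA keys, but a modular exponentiation costs the same either way.


def _full_size_odd(bits: int, rng: random.Random) -> int:
    """Random odd integer with exactly `bits` bits (top and bottom bits set)."""
    return rng.getrandbits(bits) | (1 << (bits - 1)) | 1


def private_op_seconds(bits: int, trials: int = 15, seed: int = 1) -> float:
    """Median wall-clock seconds for one textbook private-key op m^d mod n
    with a `bits`-bit modulus n and a full-size exponent d (no CRT)."""
    rng = random.Random(seed)
    n = _full_size_odd(bits, rng)
    d = _full_size_odd(bits, rng)
    times = []
    for _ in range(trials):
        m = rng.randrange(2, n - 1)
        start = time.perf_counter()
        pow(m, d, n)
        times.append(time.perf_counter() - start)
    return median(times)


def crt_private_op_seconds(bits: int, trials: int = 15, seed: int = 1) -> float:
    """Same operation with the CRT shortcut: two half-size exponentiations
    mod p and mod q instead of one full-size exponentiation mod n = p*q."""
    rng = random.Random(seed)
    half = bits // 2
    p = _full_size_odd(half, rng)
    q = _full_size_odd(half, rng)
    dp = _full_size_odd(half, rng)
    dq = _full_size_odd(half, rng)
    times = []
    for _ in range(trials):
        m = rng.randrange(2, p * q - 1)
        start = time.perf_counter()
        pow(m % p, dp, p)
        pow(m % q, dq, q)
        times.append(time.perf_counter() - start)
    return median(times)


def handshake_cost_ratio(small: int = 1024, large: int = 2048) -> float:
    """How many times more CPU one full handshake costs with the larger key."""
    return private_op_seconds(large) / private_op_seconds(small)


def crt_speedup(bits: int = 2048) -> float:
    """Factor by which the CRT form beats the textbook form at this key size."""
    return private_op_seconds(bits) / crt_private_op_seconds(bits)


def handshakes_per_second(bits: int, use_crt: bool = True) -> float:
    """Upper bound on full handshakes one core can serve, ignoring everything but RSA."""
    t = crt_private_op_seconds(bits) if use_crt else private_op_seconds(bits)
    return 1.0 / t


if __name__ == "__main__":
    for bits in (1024, 2048):
        print(f"{bits}-bit: {private_op_seconds(bits) * 1000:.2f} ms textbook, "
              f"{crt_private_op_seconds(bits) * 1000:.2f} ms with CRT, "
              f"~{handshakes_per_second(bits):.0f} handshakes/s/core")
    print(f"2048 vs 1024 cost ratio: {handshake_cost_ratio():.1f}x; "
          f"CRT speedup at 2048: {crt_speedup():.1f}x")
```

Two caveats follow from the numbers. First, only full handshakes pay this price: session resumption (session IDs or tickets) reuses the negotiated master secret and skips the private-key operation entirely, so a server whose clients reconnect often sees far less impact than the raw ratio suggests. Second, the figure is per core in pure Python; native libraries and hardware offload are much faster in absolute terms, but the 1024-to-2048 scaling factor is the same, which is why the capacity planning in the guidelines matters.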