Security Content on InfoQ

  • Kernel.org Back After Security Breach

    More than a month after Kernel.org's security breach was announced (and the site was subsequently taken off-line), the Kernel.org website has been brought back on-line.

  • Mozilla Considers Blacklisting Java

    The Mozilla Foundation has publicly considered disabling Java from running in the browser environment, thanks to recent research that indicates Java is the leading one of the three vectors for security exploits in the browser.

  • U.S. Government Program Seeks Alternatives to Passwords

    In an effort to find viable alternatives to the false security offered by passwords, a new U.S. government program is trying to find consensus on standards with leaders of private industry. The new National Strategy for Trusted Identities in Cyberspace (NSTIC) program was formed early in 2011 with limited funding but ambitious objectives.

  • Amazon Releases Services To Lure Enterprises to the Cloud

    Amazon.com formally added three new capabilities to its cloud computing portfolio with the introduction of Direct Connect and the updates to the Virtual Private Cloud and Identity and Access Management services. These offerings are targeted at organizations looking to construct hybrid or private clouds on the Amazon Web Services platform.

  • Should the Web be Encrypted?

    Last week, the Electronic Frontier Foundation (EFF), in collaboration with the Tor Project, launched the official 1.0 version of HTTPS Everywhere, a tool for the Firefox web browser that helps secure web browsing by encrypting connections to more than 1,000 websites.

  • Microsoft Rejects WebGL for Security Reasons

    Microsoft cites two reports analyzing security flaws in WebGL as the main reason for not endorsing a 3D graphic standard actively supported by Google, Mozilla, Opera, and Apple.

  • New DMTF WorkGroup To Address Cloud Security Concerns Through Cloud Audit Standards

    Security concerns still remain the top inhibitor of cloud adoption and cloud audits will alleviate some of these concerns. DMTF instituted the Cloud Audit Data Federation Work Group (CADFWG) to define specifications which will empower organizations to audit cloud-based IT resources, regardless of their chosen cloud provider.

  • Security in the Software Development Lifecycle

    Application security must be integrated into the software development process. Late-stage penetration testing alone is not sufficient, because by then it is too late and too expensive to fix mistakes. Steve Lipner from Microsoft spoke during the application security seminar at the RSA Conference last week about security in the software development lifecycle.

  • Bill Veghte on Securing the Enterprise in a Changing World

    Bill Veghte from HP said that organizations need to adopt a new model for securing critical corporate infrastructure assets and information to support the modern business. He gave a keynote presentation at the RSA 2011 Conference on Wednesday. IT is tied more closely to the business than ever, and the new digital business model requires a new approach to managing security.

  • A Proposal for an HTTP Digital Signature Protocol and API

    Bill Burke, JBoss's Chief Architect and RESTEasy Project Lead, published last week a proposal for a Digital Signature Protocol over HTTP. "DSig" is rapidly gaining popularity, more than 10 years after it was designed, due to the emergence of composite applications and the need to establish trusted relationships between their clients and services.

  • Oracle Releases Hotfix for the Double.parseDouble Bug in Record Time

    Oracle has released a hotfix for a recently re-discovered decade-old bug in the Java platform which could be used for denial of service attacks on servers. The fix was issued in record time.

  • Will SSL Collapse Under its Own Weight?

    Lori MacVittie from F5 Networks provided an analysis of the recent adoption of NIST SSL Deployment Guidelines by the US Government as of January 2011. Since all commercial certificate authorities now issue only 2048-bit keys, the capacity of a server to process SSL is severely impacted and invalidates the general belief that SSL is not computationally expensive.

  • Allegations of a Backdoor in OpenBSD Are Not Confirmed

    Some allegations regarding backdoors implemented at FBI’s request in OpenBSD’s IPsec stack were made earlier this month. After auditing the code, Theo de Raadt, the founder of OpenBSD, has concluded that there are no such threats in the open source operating system.

  • Security Assessment Techniques: Code Review v Pen Testing

    Web application security testing and assessment should include both security code review and penetration testing techniques. Dave Wichers, an OWASP Board Member, spoke at the recent AppSec DC 2010 Conference about the pros and cons of code reviews and penetration testing approaches in finding security vulnerabilities in web applications.

  • Amazon AWS Receives ISO 27001 Certification

    Last week, Amazon was awarded the ISO/IEC 27001 certification for Amazon Web Services (AWS). The certification is significant in that ISO 27001 mandates that specific management controls and requirements be in place.
