InfoQ Homepage Security Content on InfoQ
-
Kim Lewandowski and Michael Lieberman on Securing the Software Supply Chain with SLSA
Charles Humble talks to Kim Lewandowski and Michael Lieberman about the SLSA framework. They discuss why the software supply chain is under growing attack, explore the key ideas in SLSA and its connection to Google’s Binary Authentication for Borg, and think about how the framework might evolve.
-
Cyber Security with Maxime Lamothe-Brassard
On this episode of the InfoQ Podcast, Thomas Betts talks with Maxime Lamothe-Brassard about cybersecurity. Understanding security is very similar to understanding software architecture, with general concepts applicable to everyone, and specific needs that depend on your situation. The discussion covers roles and responsibilities, DevSecOps, and the current and future state of cloud-native security
-
Michelle Brenner Builds Netflix Workstations and Enables Artists to Create From Anywhere
Producing television shows and movies at Netflix-scale means having a way to efficiently work with many artists and content creators. Netflix Workstations were created as a cloud-based solution to provide artists with secure access to the applications and content they need to complete their work. We talk about the benefits and trade-offs of the solution that enables artists to create from anywhere
-
Mario Platt on DevSecOps, Platforms, and Threat Modelling
In this podcast, Mario Platt, VP head of information security at CloudMargin, sat down with InfoQ podcast co-host Daniel Bryant. Topics discussed included: the differences and similarities between DevSecOp and DevOps; the role of a platform in relation to system security; and the value of threat modelling.
-
Vulnerabilities and Risks in the Software Supply Chain
Shane Hastie spoke to Brian Fox of Sonatype about vulnerabilities and risks inherent in the modern software supply chain and how to overcome them.
-
The Challenges of DevOps and the Importance of Developer Experience with Jyoti Bansal
In this podcast, Shane Hastie spoke to Jyoti Bansal about the challenges of DevOps today and the importance of developer experience for effective software development today.
-
Nishant Bhajaria on Security, Privacy and Ethics
In this podcast Shane Hastie, lead editor for culture & methods, spoke to Nishant Bhajaria about security, data privacy, ethics and privacy by design .
-
Derek Weeks on the 2020 DevSecOps Community Survey Results
In this podcast Shane Hastie, Lead Editor for Culture & Methods, spoke to Derek Weeks of Sonatype about the results of the 2020 DevSecOps Community Survey and the All Day DevOps conference.
-
Chris Matts & Tony Grout on IT Risk Management Framework as a Catalyst for Change
In this podcast Shane Hastie, Lead Editor for Culture & Methods, talks to Tony Grout and Chris Matts about building an IT risk management framework at a large bank and using that as a catalyst for a digital transformation.
Sponsored Content
O’Reilly Book: Identity-Native Infrastructure Access Management
[Early Release] Preventing breaches by eliminating secrets and adopting Zero Trust. Get a peek inside the first chapters. Download now.
Cookie for a Thought - How to Manage HTTP Sessions
This blog post covers the best practices to deal with HTTP sessions. Learn more.
How Passwordless Works
Passwordless is an example of how great security doesn't have to compromise usability, but instead improves it. Learn More.
Ghosts of Past Employees
Why access control has more in common with Halloween than you think. Find out now.