InfoQ Homepage Security Content on InfoQ
-
Risk and Failure on the Path to Staff Engineer
Caleb Hyde discusses their career progression and regressions, as well the context they used to figure out what to work on and whom to work with, distilling a framework to utilize in one’s own work.
-
Defensible Moats: Unlocking Enterprise Value with Large Language Models
Nischal HP discusses risk mitigation, environmental, social, and governance (ESG) framework implementation to achieve sustainability goals, strategic procurement, spend analytics, data compliance.
-
NIST 800-207A: Implementing Zero Trust Architecture
Zack Butcher discusses the forthcoming Special Publication 800-207A on a Zero Trust Architecture (ZTA) model for access control in cloud native applications in multi-location environments.
-
How DoorDash Ensures Velocity and Reliability through Policy Automation
Lin Du discusses the details of their approach at DoorDash; how they enabled their engineers to self-serve infrastructure through policy automation while ensuring both reliability and high velocity.
-
Sustainable Security Requirements with the ASVS
Josh Grossman provides a brief overview of what the ASVS is, but takes a closer look at balancing trade-offs and prioritizing different security requirements.
-
Implementing OSSF Scorecards across an Organization
Chris Swan provides a walkthrough of the steps involved in securing a first repository, and then what it takes to repeat that process across an organization with multiple repos.
-
Securing the Software Supply Chain: How in-toto and TUF Work Together to Combat Supply Chain Attacks
Marina Moore covers the fundamentals of both in-toto and TUF, and discusses how to combine them with a real world case study where Datadog has been using two technologies together.
-
The Many Facets of “Identity”
Radia Perlman describes what aspects of identity and authentication blockchain might address, and compares a “blockchain“ approach with what is deployed today.
-
Security Checks Simplified: How to Implement Best Practices with Ease
Varun Sharma, CEO of StepSecurity, talks about OpenSSF Scorecard, a tool that assesses how well a code repository follows security best practices.
-
Celebrity Vulnerabilities: Effective Response to Critical Production Threats
Alyssa Miller dives into the lessons learned from three major open source security events, the Equifax breach via Struts, the Log4j vulnerabilities and the Spring4Shell exploit.
-
A Big Dashboard of Problems: Creating Preventative Security Strategies
Travis McPeak explores the forefront of simple and effective preventative security strategies.
-
Programming Your Policies: Exploring Open Policy Agent and More
Justin Cormack discusses how to deal with policies, what the business drivers are, how it affects developers, compliance and security departments, and the cultural and communication changes there.