BT
DevOps Follow 827 Followers

IT Operations Is the Most Predictable DevOps Differentiator Says Damon Edwards at DOES18 London

by Helen Beal Follow 6 Followers on  Jul 11, 2018

InfoQ spoke to Damon Edwards, co-founder and chief product officer, at Rundeck at DevOps Enterprise Summit London about his talk ‘Operations - The Last Mile Problem for DevOps in the Enterprise’ and the sneak preview of the new version of RunDeck, V3.0.

DevOps Follow 827 Followers

DevSecOps Grows Up and Finds Itself a Community

by Helen Beal Follow 6 Followers on  Jul 06, 2018

On June 28th, the first DevSecOps Days event came to London following a similar event in San Francisco in April. It kicked off with a welcome address from event founders, Mark Miller and John Willis, who explained that the intention is to replicate the DevOpsDays model and empower communities worldwide to stand up their own events.

Development Follow 610 Followers

PGP and S/MIME Encrypted Email Vulnerable to Efail Attack

by Sergio De Simone Follow 14 Followers on  May 18, 2018

A group of German and Belgian researchers found that PGP and S/MIME are vulnerable to an attack that leaks the plaintext of encrypted emails. The Electronic Frontier Foundation confirmed the vulnerability and suggested to use alternative means to exchange secure messages. Yet, the vulnerability is not in PGP itself, according to GnuPG creator Werner Koch, who also said EFF comments were overblown.

Culture & Methods Follow 671 Followers

Q&A with Laura Bell on Continuous Security at QCon London

by Laura Bell Follow 1 Followers , Rafiq Gemmail Follow 6 Followers on  Mar 07, 2018

Q&A with Laura Bell at QCon London. We discuss her keynote, continuous security and her own professional security journey.

DevOps Follow 827 Followers

Chef Enhances Cloud Security Automation in InSpec 2.0

by Helen Beal Follow 6 Followers on  Feb 27, 2018

Continuous automation vendor, Chef, has announced the availability of InSpec 2.0, a new version of Chef’s free open source tool that enables DevOps and cross-functional application, infrastructure and security teams to express security and compliance rules as code and assess and remediate compliance issues through the entire software delivery life cycle.

DevOps Follow 827 Followers

NIST Publishes Guidelines on Application Container Security

by Hrishikesh Barua Follow 14 Followers on  Dec 04, 2017

The National Institute of Standards and Technology (NIST) published a bulletin on application container technology and its most notable security challenges. The report is a summary of two previous bulletins outlining vulnerability areas including image, registry, orchestrator, container, host OS, and hardware, and their countermeasures.

DevOps Follow 827 Followers

Serverless Challenges in Hybrid Environments

by Manuel Pais Follow 9 Followers on  Nov 30, 2017

Sam Newman, independent consultant and author of the book "Building Microservices", talked at the Velocity conference in London on the challenges faced when hybrid systems rely on both serverless architectures and traditional infrastructure. In particular, Newman discussed how serverless changes our notion of resiliency and how the two paradigms clash at times of high load in the system.

Java Follow 941 Followers

Java EE Security API (JSR-375) Approved

by Matt Raible Follow 12 Followers on  Sep 07, 2017

The Java EE Security API, JSR 375, was approved in early August. All members of the JCP Executive Committee voted “Yes”, with zero “No” votes. Intel Corp. did not vote on the JSR.

DevOps Follow 827 Followers

Active Management of Open Source Components Delivers Measurable Improvements Claims Sonatype Report

by Helen Beal Follow 6 Followers on  Jul 31, 2017

When organisations actively manage the quality of open source components in software applications they see a 28% improvement in developer productivity (through reduction in manual governance), a 30% reduction in overall development costs, and a 48% increase in application quality (as application vulnerabilities are removed early reducing their incidence in production).

Cloud Follow 283 Followers

AWS Web Application Firewall: Bolt-on Security for Insecure Websites

by Elton Stoneman Follow 2 Followers on  Jul 28, 2017

AWS Web Application Firewall inspects traffic coming into your web application, looking for suspicious activity. It can pass good requests onto your application and block requests that match common attack vectors - like SQL injection. WAF can add a layer of security onto an existing application without changing the app.

.NET Follow 377 Followers

Microsoft Previews Bug and Security Risk Detection on Windows and Linux

by Abel Avram Follow 9 Followers on  Jul 22, 2017

Microsoft has made available Project Springfield as an Azure service preview called Microsoft Security Risk Detection (MSRD) for detecting code bugs and security vulnerabilities in Windows and Linux applications.

DevOps Follow 827 Followers

Sonatype Acquires Vor Security to Expand Nexus Open-Source Component Support

by Helen Beal Follow 6 Followers on  Jun 30, 2017

Sonatype announced the acquisition of Vor Security to extend their open-source component intelligence solutions’ coverage to include Ruby, PHP, CocoaPods, Swift, Golang, C, and C++.

AI, ML & Data Engineering Follow 872 Followers

Apache Metron Graduates to Top-Level Project

by Dylan Raithel Follow 9 Followers on  May 18, 2017

Hortonworks and Apache announce graduation of Metron, a realtime big data security platform to top-level project at the ASF.

Architecture & Design Follow 2125 Followers

Authentication Strategies in Microservices Systems

by Jan Stenberg Follow 34 Followers on  Dec 08, 2016 3

Software security is a complex problem, and is becoming even more complex using Microservices where each service has to deal with security, David Borsos explained at the recent Microservices Conference in London, during his presentation evaluating four end-user authentication options within a microservice based systems.

Architecture & Design Follow 2125 Followers

Microservices and Security

by Jan Stenberg Follow 34 Followers on  Nov 15, 2016

When it comes to application security, we often include it as an afterthought. We have learnt how to add test into the development workflows, but with security we often assume someone else will come and fix it later on, Sam Newman claimed in his keynote at this year’s Microservices Conference in London.

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and don't miss out on content that matters to you

BT