InfoQ Homepage Risk Management Content on InfoQ
-
Microsoft Releases Azure AD My App and New Risk Detections for Identity Protection into GA
Microsoft recently released a few new Azure Active Directory (AD) features, namely My Apps "collections" and new "risk detections" capabilities, into general availability (GA). With these features, the company intends to simplifying identity and access management while also enhancing the customization and controls.
-
Microsoft Releases Azure Attestation into General Availability
Microsoft recently announced the general availability of Azure Attestation, a unified solution for remotely verifying the trustworthiness of a platform and the integrity of the binaries running inside it.
-
Airbnb: Using Guardrails to Identify Changes with Negative Impact across Teams
Airbnb rolled out an internal Experiment Guardrails system to identify potentially negative impacts of changes across different teams. Whenever a proposed change does not pass any of the guardrails, it is escalated for further analysis by affected teams and stakeholders, explains Airbnb data scientist Tatiana Xifara.
-
CNCF Fund a Bug Bounty Program for Kubernetes
The Kubernetes Product Security Committee has launched a new bug bounty program, funded by the The Cloud Native Computing Foundation (CNCF), to reward security researchers for finding vulnerabilities in the Kubernetes' codebase, as well as the build and release processes, with bounties ranging from $100 to $10,000.
-
Jenkins Creator Launches ML Startup in Continuous Risk-Based Testing
Jenkins creator, Kohsuke Kawaguchi, starts Launchable, a startup using machine learning to identify risk-based tests. Testing thought leader Wayne Ariola also writes about the need for a continuous testing approach, where targeted risk-based tests help provide confidence for continuous delivery.
-
GitHub to Integrate Semmle Code Analysis for Continuous Vulnerability Detection
With the acquisition of startup Semmle, GitHub aims to make continuous vulnerability detection part of their continuous integration/continuous deployment service.
-
DOES London: Mark Schwartz on War & Peace & IT
Mark Schwartz, former CIO and self-described iconoclast, spoke recently at DevOps Enterprise Summit London. Schwartz is the author of three books published by IT Revolution: ‘The Art of Business’, ‘A Seat at the Table’ and ‘War & Peace & IT,’ and is currently an enterprise strategist at Amazon Web Services.
-
Adapting Risk-Based Testing to Agile Teams: Think about Testing before Coding
Risk-based testing improves the quality of the delivered stories and helps system testers to become part of the Scrum team, said Csaba Szökőcs, a product expert at Evosoft Hungary Kft. At TestCon Moscow 2019, he explained how they adapted classical risk-based testing to fit with their agile implementation by making it part of the sprint planning and definition of done.
-
Building High-Quality Products with Distributed Teams
To ensure the quality of the products and services, Intermedia uses a common test & pre-production environment for all distributed teams. Lilia Gorbachik, product manager at Intermedia, mentioned at European Women in Tech that having a mature testing process, working with risks, and making daily decisions from a high-quality product perspective are key aspects to build high-quality products.
-
Google's New Cloud Security Services for Better Threat Detection and Protection in Enterprises
Google announced three new services for better threat detection and protection in enterprises: Web Risk API, Cloud Armor, and Cloud HSM. All these security services will offer Google Cloud Platform (GCP) customers advanced security functionalities.
-
XebiaLabs DevOps Platform Provides New Risk and Compliance Capability for Software Releases
XebiaLabs, a provider of DevOps and continuous delivery software tools, has launched new capabilities for custody, security and compliance risk assessment tracking for software releases via their DevOps Platform.
-
Simplifying Blockchain Security Using Hyperledger Ursa
In a recent blog post, the Hyperledger project announced that their latest project, Hyperledger Ursa, has been accepted by the Technical Steering Committee (TSC). Ursa’s primary objective is to simplify and consolidate cryptographic libraries in a trusted, consumable manner for use in distributed ledger technology projects in an interoperable way.
-
DevSecOps Grows Up and Finds Itself a Community
On June 28th, the first DevSecOps Days event came to London following a similar event in San Francisco in April. It kicked off with a welcome address from event founders, Mark Miller and John Willis, who explained that the intention is to replicate the DevOpsDays model and empower communities worldwide to stand up their own events.
-
Challenges of Moving from Projects to Products
Carmen DeArdo, former DevOps technology director at Nationwide Insurance, and Nicole Bryan, vice-president of product management at Tasktop, recently spoke at the DevOps Enterprise Summit London on the importance of moving from a project-based to a product-based organization.
-
How Observability Impacts Testing: Q&A with Amy Phillips at QCon London
Observability gives you a picture of the system’s current health and can replace certain types of testing. For low-risk application areas you can rely on observability instead of testing, provided you have continuous delivery that provides fast feedback and allows you to release changes quickly.