Security Content on InfoQ
-
The Design and Implementation of the FreeBSD Operating System, Review and Q&A with Authors
The Design and Implementation of the FreeBSD Operating System is a long-awaited update to a successful and authoritative guide to the FreeBSD kernel. The second edition covers all major improvements between FreeBSD versions 5 and 11 and, according to the publisher, one-third of its content has been extensively rewritten, while another one-third is completely new.
-
An Overview of ANONIZE: A Large-Scale Anonymous Survey System
In this article, the authors discuss an ad hoc anonymous and secure survey system called Anonize that can be used in applications like university course evaluations, online product reviews, and whistleblowing.
-
From a Project to a Product Approach Using LeSS at Agfa Healthcare
By changing its inner workings from a project perspective to a product perspective, Agfa Healthcare established a less complicated process using a single backlog for the entire organisation. The main advice is to avoid setting up silos where they do not belong. When applying LeSS it is important to stick to its basic rules even though they are, in most organisations, very disruptive.
-
Probabilistic Project Planning Using Little’s Law
When working on projects, it is usually necessary to forecast the project delivery time up front. Little’s Law can help any team that uses user stories for planning and tracking project execution, no matter what development process it uses. We use a project buffer to manage the inherent uncertainty associated with planning and executing a fixed-bid project and to protect its delivery date.
-
High Tech, High Sec.: Security Concerns in Graph Databases
Graph NoSQL databases support data models with connected data and relationships. In this article, the author discusses the security implications of graph database technology. He talks about the privacy and security concerns in use cases like graph discovery, knowledge management, and prediction.
-
Sourcing Security Superheroes: Part 1: Battling Retention and Recruitment
In this three-part series, Monzy Merza will discuss the challenges within organizations to retain and develop top cybersecurity talent, and outline the organizational steps companies can take to keep talent in-house.
-
Hologram - Finally, AWS Key Distribution that Makes Sense
Faced with the lack of solutions for secure distribution of AWS access keys to developers, AdRoll decided to build their own open source Hologram, a system that brings Amazon's Instance Profile mechanism to developer workstations. Adair details the process, tool design and main features.
-
Beyond Blacklisting: Cyberdefense in the Era of Advanced Persistent Threats
In this article, the authors discuss security vulnerabilities in software applications and the advantages a whitelisting approach has over blacklisting. They also talk about how to implement whitelisting security policies and the cost involved.
-
Q&A on Conscious Agility
The book Conscious Agility (Conscious Capitalism + Business Agility = Antifragility) by Si Alhir, Brad Barton and Mark Ferraro describes a design-thinking approach for business to benefit from uncertainty, disorder, and the unknown. An interview about conscious agility and antifragility, increasing business agility, dealing with uncertainty, and the three phases of a conscious agility initiative.
-
How to Start With Security
Computer security, or the lack thereof, has made many headlines recently. In this article we'll look at how bad things are and what you, as a software developer, can do about it. It will help get you started or hopefully give you some new ideas if you're already doing some security work.
-
Cloud Security Auditing: Challenges and Emerging Approaches
Security audits are an important part of IT security programs. In this article, the authors highlight the challenges in cloud computing business models, based on interviews with cloud security auditors. They talk about the challenges in the areas of transparency, encryption and colocation, and about domain-tailored audits as an ideal solution in the new model.
-
Employing Enterprise Architecture for Applications Assurance
In this article, the authors discuss how enterprise, software, and security architects can improve software assurance by using the enterprise architecture to promulgate software security controls. They also talk about other security model components like threat modeling, attack trees, secure design patterns, and misuse cases.