Security Content on InfoQ
-
Sustainable Security Requirements with the ASVS
Josh Grossman provides a brief overview of what the ASVS is, but takes a closer look at balancing trade-offs and prioritizing different security requirements.
-
Implementing OSSF Scorecards across an Organization
Chris Swan provides a walkthrough of the steps involved in securing a first repository, and then what it takes to repeat that process across an organization with multiple repos.
-
Securing the Software Supply Chain: How in-toto and TUF Work Together to Combat Supply Chain Attacks
Marina Moore covers the fundamentals of both in-toto and TUF, and discusses how to combine them with a real-world case study in which Datadog has been using the two technologies together.
-
The Many Facets of “Identity”
Radia Perlman describes what aspects of identity and authentication blockchain might address, and compares a “blockchain” approach with what is deployed today.
-
Security Checks Simplified: How to Implement Best Practices with Ease
Varun Sharma, CEO of StepSecurity, talks about OpenSSF Scorecard, a tool that assesses how well a code repository follows security best practices.
-
Celebrity Vulnerabilities: Effective Response to Critical Production Threats
Alyssa Miller dives into the lessons learned from three major open source security events: the Equifax breach via Struts, the Log4j vulnerabilities, and the Spring4Shell exploit.
-
A Big Dashboard of Problems: Creating Preventative Security Strategies
Travis McPeak explores the forefront of simple and effective preventative security strategies.
-
Programming Your Policies: Exploring Open Policy Agent and More
Justin Cormack discusses how to deal with policies, what the business drivers are, how policy affects developers, compliance and security departments, and the cultural and communication changes involved.
-
Beyond Default Settings: Evaluating the Security of Kubernetes and Cloud Native Environments
The panelists discuss default configurations, authentication, and access control mechanisms in the context of what Kubernetes brings to the table in terms of security.
-
Log4Shell Response Patterns & Learnings from Them
Tapabrata Pal describes three broad categories of enterprises based on their responses to Log4Shell and identifies the key characteristics of each of these patterns.
-
Securing Microservices: Preventing Vulnerability Traversal
Stefania Chaplin looks at OWASP recommendations and Kubernetes best practices to find out how to secure microservices and reduce vulnerability traversal.
-
Best Practices for API Quality and Security
The panelists discuss how to improve quality and security in API design and management, what the biggest challenges are and how to address them.