If one event demonstrated how vulnerable organisations and infrastructure around the world are to software vulnerabilities, it was Log4j. The critical zero-day vulnerability in the Java logging ...
What does it take to make secure software? The Open Source Security Foundation (OpenSSF) has a few ideas (10 of them, in fact). This week at the OpenSSF Day Japan event in Tokyo, the nonprofit group ...
Experts share how software development teams can ‘shift security left’ and improve governance of open source usage, software deployment, and data management. CIOs and their IT departments face ...
Best ways to incorporate security into the software development life cycle. With the persistence of security issues in software development, there is an urgent need for ...
Federal agencies must now comply with a National Institute of Standards and Technology framework on secure software development. The Office of Management and Budget said Monday that “effective ...
A monthly overview of things you need to know as an architect or aspiring architect.
Value stream management involves people in the organization examining workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
Customer satisfaction is key to product success. That’s why development teams are often tempted to prioritize application performance and functionality, hoping to introduce necessary cybersecurity ...
In 1965, Ralph Nader’s groundbreaking book Unsafe at Any Speed exposed how car manufacturers prioritised style, performance, and profit over the safety of drivers and passengers. His narrative spurred ...
These CISA guides can help ensure cyber teams everywhere are buying software that is secure and follows development practices that don’t lead to future calamity. Your team is in charge of identifying ...
Supply chain security continues to receive critical focus in the realm of cybersecurity, and with good reason: incidents such as SolarWinds, Log4j, Microsoft, and Okta software supply chain attacks ...