BestHub
Sign in
Tagged articles
16 articles
Page 1 of 1
SuanNi
SuanNi
Apr 30, 2026 · Information Security

Agent Skills Security: Full Lifecycle Governance Framework and Threat Landscape

The article presents a comprehensive security analysis of AI Agent Skills, outlining a four‑stage attack surface—from creation to execution—detailing core risks such as malicious logic injection, supply‑chain poisoning, and persistent trust abuse, and proposes a full‑lifecycle governance framework, OWASP‑style top‑10, and emerging mitigation tools.

Agent SkillsSecurityThreat Modeling
0 likes · 17 min read
Agent Skills Security: Full Lifecycle Governance Framework and Threat Landscape
JavaEdge
JavaEdge
Mar 26, 2026 · Information Security

How Claude Code’s Automatic Permission System Balances Security and Usability

The article analyzes Claude Code’s new automatic permission mode, detailing its three operation options, two‑layer classifier architecture, threat model, decision flow, rule customization, evaluation results, design trade‑offs, and future plans for improving AI‑driven security.

AI securityAutomated approvalClaude Code
0 likes · 10 min read
How Claude Code’s Automatic Permission System Balances Security and Usability
Black & White Path
Black & White Path
Mar 10, 2026 · Information Security

OpenAI Unveils Codex Security: An AI Agent That Autonomously Finds, Verifies, and Fixes Vulnerabilities

OpenAI's new Codex Security agent, codenamed "Aardvark," shifts application security from static scanning to a full‑process AI loop that builds custom threat models, validates exploits in a sandbox, generates patch code, and has already identified hundreds of critical bugs across millions of code commits.

Application SecurityCodex SecurityOpenAI
0 likes · 7 min read
OpenAI Unveils Codex Security: An AI Agent That Autonomously Finds, Verifies, and Fixes Vulnerabilities
Black & White Path
Black & White Path
Feb 23, 2026 · Information Security

How AI Is Redefining Security Engineer Training: From Code Review to Threat Modeling

In the AI‑driven development era, CISOs must overhaul security engineer training by shifting focus from line‑by‑line code review to result‑based evaluation, embedding threat‑modeling skills, and integrating continuous, tool‑chain‑embedded guardrails to keep pace with rapid, AI‑augmented code delivery.

AICISODeveloper Training
0 likes · 8 min read
How AI Is Redefining Security Engineer Training: From Code Review to Threat Modeling
Architects Research Society
Architects Research Society
Nov 1, 2023 · Information Security

Roles and Responsibilities of a Security Architecture Team

The article outlines the composition and responsibilities of a security architecture team, detailing the roles of Security Architect, Information Security Architect, CISO, and Security Analyst, their required business and technical skills, risk management, threat modeling, and how they integrate with enterprise architecture.

CISOSecurity ArchitectureSecurity Roles
0 likes · 11 min read
Roles and Responsibilities of a Security Architecture Team
Huolala Tech
Huolala Tech
Oct 23, 2023 · Information Security

How Huolala Secures Kubernetes: Real-World Container Security Practices

This article details Huolala's end‑to‑end container security strategy—from Kubernetes component basics and a real unauthorized‑access incident to lifecycle‑based safeguards, threat‑matrix guidance, image/ecosystem/baseline/runtime protections, and a custom HIDS architecture—offering practical insights for cloud‑native environments.

Cloud NativeContainer SecurityDevSecOps
0 likes · 14 min read
How Huolala Secures Kubernetes: Real-World Container Security Practices
DevOps
DevOps
Aug 9, 2023 · Information Security

From DevOps to DevSecOps: Integrating Security into the Software Development Lifecycle and Using Microsoft Threat Modeling Tool

This article explains how DevSecOps extends DevOps by embedding security throughout the software development lifecycle, discusses common threats such as SQL injection and broken access control, outlines the Security Development Lifecycle, and provides a step‑by‑step guide to using Microsoft’s Threat Modeling Tool for risk mitigation.

DevSecOpsMicrosoft ToolSecurity Development Lifecycle
0 likes · 20 min read
From DevOps to DevSecOps: Integrating Security into the Software Development Lifecycle and Using Microsoft Threat Modeling Tool
DevOps
DevOps
Jun 27, 2023 · Information Security

From DevOps to DevSecOps: Understanding Threats, Security Practices, and Using Microsoft Threat Modeling Tool

This article explains how DevSecOps extends DevOps by embedding security throughout the software lifecycle, discusses common threats such as SQL injection and broken access control, outlines the Security Development Lifecycle, and provides a step‑by‑step guide to using Microsoft Threat Modeling Tool for proactive risk mitigation.

DevSecOpsMicrosoftOWASP
0 likes · 20 min read
From DevOps to DevSecOps: Understanding Threats, Security Practices, and Using Microsoft Threat Modeling Tool
DevOps
DevOps
Aug 3, 2022 · Information Security

Secure Design in DevSecOps: Principles, Threat Modeling, and Huawei Cloud Practices

This article explains how integrating secure‑by‑design principles into DevSecOps accelerates software delivery while reducing risk, outlines key security architecture concepts such as the CIA triad and design principles, describes threat‑modeling methods, and showcases Huawei Cloud’s practical security design, data protection, and privacy solutions.

DevSecOpsHuawei CloudSecure Design
0 likes · 12 min read
Secure Design in DevSecOps: Principles, Threat Modeling, and Huawei Cloud Practices
Dada Group Technology
Dada Group Technology
Jul 16, 2021 · Information Security

Application Security Testing Practices and Risk Assessment at JD Daojia

This article outlines JD Daojia's comprehensive application security strategy, including risk analysis, threat modeling, DevSecOps processes, open‑source component scanning, SAST/DAST/IAST testing, manual security assessments, and evaluation of testing effectiveness to mitigate vulnerabilities before production.

Application SecurityDevSecOpsThreat Modeling
0 likes · 13 min read
Application Security Testing Practices and Risk Assessment at JD Daojia
Meituan Technology Team
Meituan Technology Team
Apr 8, 2021 · Information Security

Threat Modeling: Practices, Challenges, and Implementation Guide

Threat modeling is a systematic, cross‑functional practice that identifies design‑level security flaws early, prioritizes mitigations using methods like ASTRIDE, and integrates risk assessment into DevSecOps, despite tool scarcity and process integration challenges, to reduce costs, meet compliance, and improve overall security maturity.

DevSecOpsSecurity ArchitectureSoftware Security
0 likes · 31 min read
Threat Modeling: Practices, Challenges, and Implementation Guide
Architects Research Society
Architects Research Society
Feb 24, 2021 · Information Security

Security Architecture Team: Roles, Skills, and Responsibilities

The security architecture team consists of security architects, information security architects, chief information security officers, and security analysts, each with distinct business and technical responsibilities, risk‑management and threat‑modeling skills, and a collaborative relationship with enterprise architecture to ensure secure, compliant solutions.

CISOSecurity ArchitectureThreat Modeling
0 likes · 11 min read
Security Architecture Team: Roles, Skills, and Responsibilities
ITFLY8 Architecture Home
ITFLY8 Architecture Home
Sep 23, 2020 · Information Security

Mastering Security Architecture Reviews: Principles, Models, and Practical Steps

This article explains how to conduct comprehensive security architecture reviews by covering fundamental design principles, the three pillars of security controls, a practical review model, and detailed guidance on threat modeling, asset identification, and mitigation strategies for modern applications.

Defense in DepthSecurity ArchitectureSecurity Review
0 likes · 24 min read
Mastering Security Architecture Reviews: Principles, Models, and Practical Steps
Efficient Ops
Efficient Ops
Jun 25, 2020 · Information Security

How Enterprise DevSecOps Transforms Security in Modern IT Operations

The article recaps the fourth Enterprise DevOps Empowerment conference, highlighting DevSecOps as the core theme, expert presentations from China Academy of Information and Communications Technology, Huatai Securities, and Tencent, and a detailed Q&A covering threat modeling, security automation, scanning practices, and operational integration.

IT OperationsThreat Modelingenterprise security
0 likes · 15 min read
How Enterprise DevSecOps Transforms Security in Modern IT Operations
Tencent Cloud Developer
Tencent Cloud Developer
Jun 5, 2020 · Information Security

DevSecOps and Secure Development Lifecycle (SDL): Concepts, Practices, and Implementation

The article explains how DevSecOps extends the Secure Development Lifecycle by embedding security early and throughout CI/CD pipelines, combining threat‑based and vulnerability‑based defenses, automated testing tools such as SAST, DAST, IAST, and SCA, and fostering a collaborative culture of shared responsibility, illustrated by Tencent Cloud’s comprehensive “Golden Pipeline” implementation.

DevSecOpsSDLSecure Development Lifecycle
0 likes · 14 min read
DevSecOps and Secure Development Lifecycle (SDL): Concepts, Practices, and Implementation