Engineering Governance Organization

From GM-RKB

An Engineering Governance Organization is a governance organization that is an engineering organization that can establish engineering governance frameworks to ensure engineering standard compliance.


