Abstract: Methods, apparatus, systems and articles of manufacture to provide resource security are disclosed. Example methods and apparatus manage a benchmark specific to a resource, the benchmark created during development of the resource and including a collection of rules to constrain behavior of the resource, enable a rule of the benchmark that corresponds with a type of the resource, disable a rule of the benchmark that does not correspond with the type of the resource, test the enabled rule of the benchmark against the resource, identify an insufficiency of the resource based on the enabled rule of the benchmark, and remediate the insufficiency of the resource to comply with the enabled rule of the benchmark.

Abstract: Methods, apparatus, systems and articles of manufacture to provide resource security are disclosed. Example methods and apparatus manage a benchmark specific to a resource, the benchmark created during development of the resource and including a collection of rules to constrain behavior of the resource, enable a rule of the benchmark that corresponds with a type of the resource, disable a rule of the benchmark that does not correspond with the type of the resource, test the enabled rule of the benchmark against the resource, identify an insufficiency of the resource based on the enabled rule of the benchmark, and remediate the insufficiency of the resource to comply with the enabled rule of the benchmark.

Abstract: Methods, apparatus, systems and articles of manufacture to provide resource security are disclosed. Example methods and apparatus manage a benchmark specific to a resource, the benchmark created during development of the resource and including a collection of rules to constrain behavior of the resource, enable a rule of the benchmark that corresponds with a type of the resource, disable a rule of the benchmark that does not correspond with the type of the resource, test the enabled rule of the benchmark against the resource, identify an insufficiency of the resource based on the enabled rule of the benchmark, and remediate the insufficiency of the resource to comply with the enabled rule of the benchmark.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to assess compliance of a virtual computing environment. An example method disclosed herein to assess compliance of computing resources of a computing environment includes monitoring for an occurrence of a change in a computing resource in the computing environment, and in response to detecting the occurrence and without waiting for batch testing, assessing compliance of the computing resource with a compliance policy.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to assess compliance of a virtual computing environment. An example method disclosed herein to assess compliance of computing resources of a computing environment includes monitoring for an occurrence of a change in a computing resource in the computing environment, and in response to detecting the occurrence and without waiting for batch testing, assessing compliance of the computing resource with a compliance policy.

Abstract: Methods and apparatus to authenticate and differentiate virtually identical resources using session chaining are disclosed. In response to a session request from at least one of a management device or a resource, example methods and apparatus locate a session chain stack associated with an identifier of the at least one of the management device or the resource, and determine whether a first nonce at a top of the session chain stack associated with the identifier of the at least one of the management device or the resource is equal to a second nonce associated with the session request from the at least one of the management device or the resource.

Abstract: Methods and apparatus to authenticate and differentiate virtually identical resources using session chaining are disclosed. In response to a session request from at least one of a management device or a resource, example methods and apparatus locate a session chain stack associated with an identifier of the at least one of the management device or the resource, and determine whether a first nonce at a top of the session chain stack associated with the identifier of the at least one of the management device or the resource is equal to a second nonce associated with the session request from the at least one of the management device or the resource.

Abstract: Methods and apparatus to authenticate and differentiate virtually identical resources using session chaining are disclosed. In response to a session request from at least one of a management device or a resource, example methods and apparatus locate a session chain stack associated with an identifier of the at least one of the management device or the resource, and determine whether a first nonce at a top of the session chain stack associated with the identifier of the at least one of the management device or the resource is equal to a second nonce associated with the session request from the at least one of the management device or the resource.

Abstract: Methods and apparatus are disclosed to generate a security assertion document associated with a container image, and to use the security assertion document to determine whether a container image is suitable for use to assemble a corresponding container for execution in a host environment. In an example method, the generated security assertion document includes a security assertion resulting from an assessed policy rule. In the example method, the security assertion document is separate from the container image such that the generation of the security assertion document does not alter the container image itself. In an example method, the contents of the security assertion document may be analyzed and/or verified in relation to the associated container image in connection with determining whether or not to use the container image to assemble a corresponding container for execution in the example host environment.

Abstract: Methods, apparatus, systems and articles of manufacture to provide resource security are disclosed. Example methods and apparatus manage a benchmark specific to a resource, the benchmark created during development of the resource and including a collection of rules to constrain behavior of the resource, enable a rule of the benchmark that corresponds with a type of the resource, disable a rule of the benchmark that does not correspond with the type of the resource, test the enabled rule of the benchmark against the resource, identify an insufficiency of the resource based on the enabled rule of the benchmark, and remediate the insufficiency of the resource to comply with the enabled rule of the benchmark.

Abstract: Methods and apparatus to authenticate and differentiate virtually identical resources using session chaining are disclosed. In response to a session request from at least one of a management device or a resource, example methods and apparatus locate a session chain stack associated with an identifier of the at least one of the management device or the resource, and determine whether a first nonce at a top of the session chain stack associated with the identifier of the at least one of the management device or the resource is equal to a second nonce associated with the session request from the at least one of the management device or the resource.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to identify priorities of compliance assessment results of a virtual computing environment. An example method disclosed herein to identify priorities for defects includes associating, with a processor, a first defect with an asset class and a repair action, the first defect indicative of a computing resource being out of compliance with a policy, determining, with the processor, a priority for the defect based on past repair actions performed to correct past defects corresponding to the same asset class, and displaying the defect in rank order with a plurality of other defects based on the priority.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to manage operations situations in computing environments using presence protocols. An example method includes determining monitoring information of a resource managed by a management application in the computing environment. The example method also includes comparing the monitoring information to a policy associated with the resource, and, in response to the comparison, posting an alert message to a situation stream in communication with the management application, the alert message to include an identifier associated with the resource.

Abstract: Methods and apparatus are disclosed to generate a security assertion document associated with a container image, and to use the security assertion document to determine whether a container image is suitable for use to assemble a corresponding container for execution in a host environment. In an example method, the generated security assertion document includes a security assertion resulting from an assessed policy rule. In the example method, the security assertion document is separate from the container image such that the generation of the security assertion document does not alter the container image itself. In an example method, the contents of the security assertion document may be analyzed and/or verified in relation to the associated container image in connection with determining whether or not to use the container image to assemble a corresponding container for execution in the example host environment.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to measure compliance of a virtual computing environment. An example method disclosed herein includes determining, with a processor, a maximum surprisal value of a policy to be enforced on a computing resource in a computing environment, the maximum surprisal value corresponding to a probability of the computing resource being in-compliance with the policy without testing the computing resource with respect to the policy, determining a current surprisal value of the computing resource with respect to the policy based on knowledge of at least one condition of policy being at least one of satisfied by or inapplicable to the computing resource, and determining a compliance score of the computing resource with respect to the policy based on the maximum surprisal value of the policy and the current surprisal value of the computing resource with respect to the policy.

Abstract: Embodiments allow management software applications to distinguish computational assets without the use of static, predetermined identifiers that are susceptible to duplication along with computational assets. Managers and computational assets are associated with authenticator values. Additionally, a manager and computational asset determine (e.g., negotiate) an expected nonce (number used once) to be provided by either party when requesting a transaction. Upon receiving a transaction request associated with an authenticator value and a transaction nonce, the sender's knowledge of the expected nonce is proven when the nonce associated with the request matches the expected nonce, and disproven otherwise. When such knowledge is proven, the manager treats the computational asset as the one originally associated with the computational asset authenticator value and negotiates a new nonce.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to measure compliance of a virtual computing environment. An example method disclosed herein includes determining, with a processor, a maximum surprisal value of a policy to be enforced on a computing resource in a computing environment, the maximum surprisal value corresponding to a probability of the computing resource being in-compliance with the policy without testing the computing resource with respect to the policy, determining a current surprisal value of the computing resource with respect to the policy based on knowledge of at least one condition of policy being at least one of satisfied by or inapplicable to the computing resource, and determining a compliance score of the computing resource with respect to the policy based on the maximum surprisal value of the policy and the current surprisal value of the computing resource with respect to the policy.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to assess compliance of a virtual computing environment. An example method disclosed herein to assess compliance of computing resources of a computing environment includes monitoring for an occurrence of a change in a computing resource in the computing environment, and in response to detecting the occurrence and without waiting for batch testing, assessing compliance of the computing resource with a compliance policy.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to identify priorities of compliance assessment results of a virtual computing environment. An example method disclosed herein to identify priorities for defects includes associating, with a processor, a first defect with an asset class and a repair action, the first defect indicative of a computing resource being out of compliance with a policy, determining, with the processor, a priority for the defect based on past repair actions performed to correct past defects corresponding to the same asset class, and displaying the defect in rank order with a plurality of other defects based on the priority.

Abstract: Embodiments allow management software applications to distinguish computational assets without the use of static, predetermined identifiers that are susceptible to duplication along with computational assets. Managers and computational assets are associated with authenticator values. Additionally, a manager and computational asset determine (e.g., negotiate) an expected nonce (number used once) to be provided by either party when requesting a transaction. Upon receiving a transaction request associated with an authenticator value and a transaction nonce, the sender's knowledge of the expected nonce is proven when the nonce associated with the request matches the expected nonce, and disproven otherwise. When such knowledge is proven, the manager treats the computational asset as the one originally associated with the computational asset authenticator value and negotiates a new nonce.