Application Security Weekly (Audio)
Episodes
Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374
17 Mar 2026
Contributed by Lukas
What happens when secure coding guidance goes stale? What happens when LLMs write code from scratch? Mark Curphey walks us through his experience updating d...
Making Medical Devices Secure - Tamil Mathi - ASW #373
10 Mar 2026
Contributed by Lukas
Medical devices are a special segment of the IoT world where availability and patient safety are paramount. Tamil Mathi explains why many devices need...
Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
03 Mar 2026
Contributed by Lukas
As more developers turn to LLMs to generate code, more appsec teams are turning to LLMs to conduct security code reviews. One of the biggest themes in...
Helping Users with Practical Advice to Protect their Digital Devices - Runa Sandvik - ASW #371
24 Feb 2026
Contributed by Lukas
Journalists put a lot of effort into collecting information and protecting their sources, but everyone can benefit from having a digital environment t...
Conducting Secure Code Analysis with LLMs - ASW #370
17 Feb 2026
Contributed by Lukas
A major premise of appsec is figuring out effective ways to answer the question, "What security flaws are in this code?" The nature of the question do...
Bringing Strong Authentication and Granular Authorization for GenAI - Dan Moore - ASW #369
10 Feb 2026
Contributed by Lukas
When it comes to agents and MCPs, the interesting security discussion isn't that they need strong authentication and authorization, but what that auth...
Focusing on Proactive Controls in the Face of LLM-Assisted Malware - Rob Allen - ASW #368
03 Feb 2026
Contributed by Lukas
Everyone is turning to LLMs to generate code, including attackers. Thus, it's no great surprise that there are now examples of malware generated by LL...
Building proactive defenses that reflect the true nature of modern software risk - Paul Davis - ASW #367
27 Jan 2026
Contributed by Lukas
Supply chain security remains one of the biggest time sinks for appsec teams and developers, even making it onto the latest iteration of the OWASP Top...
Lessons from MongoBleed, CWE Top 25, and Secure Coding Benchmarks - ASW #366
20 Jan 2026
Contributed by Lukas
MongoBleed and a recent OWASP CRS bypass show how parsing problems remain a source of security flaws regardless of programming language. We talk with ...
Secure By Design Is Better Than Secure By Myth - Bob Lord - ASW #365
13 Jan 2026
Contributed by Lukas
Not all infosec advice is helpful. Bad advice wastes time, makes people less secure, and takes focus away from making software more secure. Bob Lord t...
The Upsides and Downsides of LLM-Generated Code - Chris Wysopal - ASW #364
06 Jan 2026
Contributed by Lukas
Developers are adding LLMs to their code creation toolboxes, using them to assist with writing and reviewing code. Chris Wysopal talks about the secur...
AI-Era AppSec: Transparency, Trust, and Risk Beyond the Firewall - Felipe Zipitria, Steve Springett, Aruneesh Salhotra, Ken Huang - ASW #363
30 Dec 2025
Contributed by Lukas
In an era dominated by AI-powered security tools and cloud-native architectures, are traditional Web Application Firewalls still relevant? Join us as ...
Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, Dustin Lehr, James Manico, Adam Shostack - ASW #362
23 Dec 2025
Contributed by Lukas
Using OWASP SAMM to assess and improve compliance with the Cyber Resilience Act (CRA) is an excellent strategy, as SAMM provides a framework for secur...
Developing Open Source Skills for Maintaining Projects - Kat Cosgrove - ASW #361
16 Dec 2025
Contributed by Lukas
Open source projects benefit from support that takes many shapes. Kat Cosgrove shares her experience across the Kubernetes project and the different w...
Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360
09 Dec 2025
Contributed by Lukas
The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to AP...
Making TN Critical Infrastructure the Most Secure in the Nation - T. Gwyddon 'Data' ("Gwee-thin") Owen, James Cotter - ASW #359
02 Dec 2025
Contributed by Lukas
For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens an...
Figuring Out Where to Start with Secure Code - ASW #358
25 Nov 2025
Contributed by Lukas
What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business...
Secure Coding as Critical Thinking Instead of Vulnspotting - Matias Madou - ASW #357
18 Nov 2025
Contributed by Lukas
Secure code should be grounded more in concepts like secure by default and secure by design than by "spot the vuln" thinking. Matias Madou shares his ...
Ransomware, Defaults, and Proactive Defenses - Rob Allen - ASW #356
11 Nov 2025
Contributed by Lukas
Just how bad can things get if someone clicks on a link? Rob Allen joins us again to talk about ransomware, why putting too much attention on clicking...
Researching and Remediating RCEs via GitHub Actions - Bar Kaduri, Roi Nisimi - ASW #355
04 Nov 2025
Contributed by Lukas
Pull requests are a core part of collaboration, whether in open or closed source. GitHub has documented some of the security consequences of misconfig...
Quantum Computing Isn't A Threat To Blockchains - Yet - Martha Bennett, Sandy Carielli - ASW #354
28 Oct 2025
Contributed by Lukas
The post quantum encryption migration is going to be a challenge, but how much of a challenge? There are several reasons why it is different from ever...
Reacting to Ransomware and Setting Secure Defaults - Rob Allen - ASW #353
21 Oct 2025
Contributed by Lukas
Ransomware attacks typically don't care about memory safety and dependency scanning, they often target old, unpatched vulns and too often they succeed...
Inside the OWASP GenAI Security Project - Steve Wilson - ASW #352
14 Oct 2025
Contributed by Lukas
Interest and participation in the OWASP GenAI Security Project has exploded over the last two years. Steve Wilson explains why it was important for th...
Finding Large Bounties with Large Language Models - Nico Waisman - ASW #351
07 Oct 2025
Contributed by Lukas
Software has forever had flaws and humans have forever been finding and fixing them. With LLMs generating code, appsec has also been trying to determi...
Changing the Vuln Conversation from Volume to Remediation - Francesco Cipollone - ASW #350
30 Sep 2025
Contributed by Lukas
Dealing with vulns tends to be a discussion about prioritization. After all, there are tons of CVEs and dependencies with known vulns. It's important to...
Design Errors in Entra ID, Design Defenses in iOS, Design Difficulties in DeepSeek - ASW #349
23 Sep 2025
Contributed by Lukas
In the news, Microsoft encounters a new cascade of avoidable errors with Entra ID, Apple improves iOS with hardware-backed memory safety, DeepSeek dem...
How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348
16 Sep 2025
Contributed by Lukas
This week, we chat with Scott Clinton, board member and co-chair of the OWASP GenAI Security Project. This project has become a massive organization w...
Limitations and Liabilities of LLM Coding - Seemant Sehgal, Ted Shorter - ASW #347
09 Sep 2025
Contributed by Lukas
Up first, the ASW news of the week. At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knock...
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Chris Boehm, Idan Plotnik, Josh Lemos, Michael Callahan - ASW #346
02 Sep 2025
Contributed by Lukas
In this must-see BlackHat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agent...
Translating Security Regulations into Secure Projects - Roman Zhukov, Emily Fox - ASW #345
26 Aug 2025
Contributed by Lukas
The EU Cyber Resilience Act joins the long list of regulations intended to improve the security of software delivered to users. Emily Fox and Roman Zh...
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344
19 Aug 2025
Contributed by Lukas
A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care abou...
The Future of Supply Chain Security - Janet Worthington - ASW #343
12 Aug 2025
Contributed by Lukas
Open source software is a massive contribution that provides everything from foundational frameworks to tiny single-purpose libraries. We walk through...
Uniting software development and application security - Will Vandevanter, Jonathan Schneider - ASW #342
05 Aug 2025
Contributed by Lukas
Maintaining code is a lot more than keeping dependencies up to date. It involves everything from keeping old code running to changing frameworks to ev...
How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341
29 Jul 2025
Contributed by Lukas
A successful strategy in appsec is to build platforms with defaults and designs that ease the burden of security choices for developers. But there's a...
Rise of Compromised LLMs - Sohrob Kazerounian - ASW #340
22 Jul 2025
Contributed by Lukas
AI is more than LLMs. Machine learning algorithms have been part of infosec solutions for a long time. For appsec practitioners, a key concern is alwa...
Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339
15 Jul 2025
Contributed by Lukas
What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each wi...
Checking in on the State of Appsec in 2025 - Janet Worthington, Sandy Carielli - ASW #338
08 Jul 2025
Contributed by Lukas
Appsec still deals with ancient vulns like SQL injection and XSS. And now LLMs are generating code alongside humans. Sandy Carielli and Janet Worthin...
Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337
01 Jul 2025
Contributed by Lukas
Manual secure code reviews can be tedious and time intensive if you're just going through checklists. There's plenty of room for linters and compilers...
How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336
24 Jun 2025
Contributed by Lukas
Fuzzing has been one of the most successful ways to improve software quality. And it demonstrates how improving software quality improves security. Ar...
Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335
17 Jun 2025
Contributed by Lukas
What makes a threat modeling process effective? Do you need a long list of threat actors? Do you need a long list of terms? What about a short list li...
Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334
10 Jun 2025
Contributed by Lukas
CISA has been championing Secure by Design principles. Many of the principles are universal, like adopting MFA and having opinionated defaults that re...
AIs, MCPs, and the Actual Work that LLMs Are Generating - ASW #333
03 Jun 2025
Contributed by Lukas
The recent popularity of MCPs is surpassed only by the recent examples of deficiencies in their secure design. The most obvious challenge is how MCPs, an...
AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Shahar Man, Brian Fox, Mark Lambert - ASW #332
27 May 2025
Contributed by Lukas
ArmorCode unveils Anya—the first agentic AI virtual security champion designed specifically for AppSec and product security teams. Anya brings toget...
Appsec News & Interviews from RSAC on Identity and AI - Rami Saas, Charlotte Wylie - ASW #331
20 May 2025
Contributed by Lukas
In the news, Coinbase deals with bribes and insider threat, the NCSC notes the cross-cutting problem of incentivizing secure design, we cover some res...
Secure Code Reviews, LLM Coding Assistants, and Trusting Code - Rey Bango, Karim Toubba, Gal Elbaz - ASW #330
13 May 2025
Contributed by Lukas
Developers are relying on LLMs as coding assistants, so where are the LLM assistants for appsec? The principles behind secure code reviews don't reall...
AI Era, New Risks: How Data-Centric Security Reduces Emerging AppSec Threats - Vishal Gupta, Idan Plotnik - ASW #329
06 May 2025
Contributed by Lukas
We catch up on news after a week of BSidesSF and RSAC Conference. Unsurprisingly, AI in all its flavors, from agentic to gen, was inescapable. But per...
Secure Designs, UX Dragons, Vuln Dungeons - Jack Cable - ASW #328
29 Apr 2025
Contributed by Lukas
In this live recording from BSidesSF we explore the factors that influence a secure design, talk about how to avoid the bite of UX dragons, and why de...
Managing Secrets - Vlad Matsiiako - ASW #327
22 Apr 2025
Contributed by Lukas
Secrets end up everywhere, from dev systems to CI/CD pipelines to services, certificates, and cloud environments. Vlad Matsiiako shares some of the ta...
More WAFs in Blocking Mode and More Security Headaches from LLMs - Sandy Carielli, Janet Worthington - ASW #326
15 Apr 2025
Contributed by Lukas
The breaches will continue until appsec improves. Janet Worthington and Sandy Carielli share their latest research on breaches from 2024, WAFs in 2025...
In Search of Secure Design - ASW #325
08 Apr 2025
Contributed by Lukas
We have a top ten list entry for Insecure Design, pledges to CISA's Secure by Design principles, and tons of CVEs that fall into familiar categories o...
Avoiding Appsec's Worst Practices - ASW #324
01 Apr 2025
Contributed by Lukas
We take advantage of April Fools to look at some of appsec's myths, mistakes, and behaviors that lead to bad practices. It's easy to get trapped in a ...
Finding a Use for GenAI in AppSec - Keith Hoodlet - ASW #323
25 Mar 2025
Contributed by Lukas
LLMs are helping devs write code, but is it secure code? How are LLMs helping appsec teams? Keith Hoodlet returns to talk about where he's seen value ...
Redlining the Smart Contract Top 10 - Shashank . - ASW #322
18 Mar 2025
Contributed by Lukas
The crypto world is rife with smart contracts that have been outsmarted by attackers, with consequences in the millions of dollars (and more!). Shasha...
CISA's Secure by Design Principles, Pledge, and Progress - Jack Cable - ASW #321
11 Mar 2025
Contributed by Lukas
Just three months into 2025 and we already have several hundred CVEs for XSS and SQL injection. Appsec has known about these vulns since the late 90s....
Keeping Curl Successful and Secure Over the Decades - Daniel Stenberg - ASW #320
04 Mar 2025
Contributed by Lukas
Curl and libcurl are everywhere. Not only has the project maintained success for almost three decades now, but it's done that while being written in C...
Developer Environments, Developer Experience, and Security - Dan Moore - ASW #319
25 Feb 2025
Contributed by Lukas
Minimizing latency, increasing performance, and reducing compile times are just a part of what makes a development environment better. Throw in useful...
Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318
18 Feb 2025
Contributed by Lukas
We're getting close to two full decades of celebrating web hacking techniques. James Kettle shares which was his favorite, why the list is important t...
Code Scanning That Works With Your Code - Scott Norberg - ASW #317
11 Feb 2025
Contributed by Lukas
Code scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of...
Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316
04 Feb 2025
Contributed by Lukas
Threat modeling has been in the appsec toolbox for decades. But it hasn't always been used and it hasn't always been useful. Sandy Carielli shares wha...
Securing the AI SDLC - Niv Braun - ASW #315
28 Jan 2025
Contributed by Lukas
A lot of AI security boils down to the boring, but important, software security topics that appsec teams have been dealing with for decades. Niv Braun...
Appsec Predictions for 2025 - Cody Scott - ASW #314
21 Jan 2025
Contributed by Lukas
What's in store for appsec in 2025? Sure, there'll be some XSS and SQL injection, but what about trends that might influence how appsec teams plan? Co...
Discussing Useful Security Requirements with Developers - Ixchel Ruiz - ASW #313
14 Jan 2025
Contributed by Lukas
There's a pernicious myth that developers don't care about security. In practice, they care about code quality. What developers don't care for is ambi...
DefectDojo and Bringing Quality Appsec Tools to Small Appsec Teams - Greg Anderson - ASW #312
07 Jan 2025
Contributed by Lukas
All appsec teams need quality tools and all developers benefit from appsec guidance that's focused on meaningful results. Greg Anderson shares his exp...
Applying Usability and Transparency to Security - Hannah Sutor - ASW #311
16 Dec 2024
Contributed by Lukas
Practices around identity and managing credentials have improved greatly since the days of infosec mandating 90-day password rotations. But those impr...
Looking Back on 2024 - ASW #310
10 Dec 2024
Contributed by Lukas
We do our usual end of year look back on the topics, news, and trends that caught our attention. We covered some OWASP projects, the ongoing attention...
Adding Observability with OpenTelemetry - Adriana Villela - ASW #309
03 Dec 2024
Contributed by Lukas
Observability is a lot more than just sprinkling printf statements throughout a code base. Adriana Villela explains principles behind logging, traceab...
Biometric Frontiers: Unlocking The Future Of Engagement - Andras Cser, Enza Iannopollo - ASW #308
19 Nov 2024
Contributed by Lukas
This week's interview dives deep into the state of biometrics with two Forrester Research analysts! This discussion compares and contrasts regional ap...
Modernizing AppSec - Melinda Marks - ASW #307
12 Nov 2024
Contributed by Lukas
In this week's interview, Melinda Marks joins us to discuss her latest research. Her recent report Modernizing Application Security to Scale for Clo...
Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306
05 Nov 2024
Contributed by Lukas
After spending a decade working for appsec vendors, Grant McCracken wanted to give something back. He saw a gap in the market for free or low-cost ser...
Making TLS More Secure, Lessons from IPv6, LLMs Finding Vulns - Arnab Bose, Shiven Ramji - ASW #305
29 Oct 2024
Contributed by Lukas
Better TLS implementations with Rust, fuzzing, and managing certs, appsec lessons from the everlasting transition to IPv6, LLMs for finding vulns (and...
The Complexities, Configurations, and Challenges in Cloud Security - Scott Piper - ASW #304
21 Oct 2024
Contributed by Lukas
Building cloud native apps doesn't mean you're immune to dealing with legacy systems. Cloud services have changed significantly over the last decade, ...
The Future of Zed Attack Proxy - Simon Bennetts, Ori Bendet - ASW #302
08 Oct 2024
Contributed by Lukas
Zed Attack Proxy has been a crucial web app testing tool for decades. It's also had a struggle throughout 2024 to obtain funding that would enable the...
More Car Hacks, CUPS Vulns, Microsoft's SFI, Memory Safety, Password Complexity - Farshad Abasi - ASW #301
02 Oct 2024
Contributed by Lukas
More remote car control via web interfaces, an RCE in CUPS, Microsoft reduces attack surface, migrating to memory safety, dealing with dependency conf...
Vulnerable APIs and Bot Attacks: Two Interconnected, Growing Security Threats - David Holmes - ASW #300
24 Sep 2024
Contributed by Lukas
APIs are essential to modern application architectures, driving rapid development, seamless integration, and improved user experiences. However, their...
Bringing Secure Coding Concepts to Developers - Dustin Lehr - ASW #299
17 Sep 2024
Contributed by Lukas
When a conference positioned as a day of security for developers has to be canceled due to lack of interest from developers, it's important to underst...
Paying Down Tech Debt, Rust in Firmware, EUCLEAK, Deploying SSO - ASW #298
10 Sep 2024
Contributed by Lukas
Considerations in paying down tech debt, making Rust work on bare metal, ECDSA side-channel in Yubikeys, trade-offs in deploying SSO quickly, and more! ...
Close the Security Theater: Enter Resilience - Kelly Shortridge - ASW Vault
02 Sep 2024
Contributed by Lukas
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on May 9, 2023. What does soft...
Changing the Course of IoT's Future from Its Insecure Past - Paddy Harrington - ASW #297
27 Aug 2024
Contributed by Lukas
IoT devices are notorious for weak designs, insecure implementations, and a lifecycle that mostly ignores patching. We look at external factors that m...
The Fallout and Lessons Learned from the CrowdStrike Fiasco - Shimon Modi, Jeff Pollard, Allie Mellen, Boaz Barzel - ASW #296
20 Aug 2024
Contributed by Lukas
This week, Jeff Pollard and Allie Mellen join us to discuss the fallout and lessons learned from the CrowdStrike fiasco. They explore the reasons behi...
When Appsec Needs to Start Small - Kalyani Pawar, Danny Jenkins, Nikos Kiourtis - ASW #295
13 Aug 2024
Contributed by Lukas
Startups and small orgs don't have the luxury of massive budgets and large teams. How do you choose an appsec approach that complements a startup's ne...
Building Successful Security Champions Programs - Marisa Fagan - ASW #294
06 Aug 2024
Contributed by Lukas
Even though Security Champions programs look very different across organizations and maturity levels, they share core principles for becoming successf...
A CISO's Perspective on AI, Appsec, and Changing Behaviors - ASW #293
30 Jul 2024
Contributed by Lukas
Modern appsec isn't modern because security tools got shifted in one direction or another, or because teams are finding and fixing more vulns. It's mo...
Where Generative AI Can Actually Help Security (And Where It Doesn't) - Farshad Abasi, Allie Mellen - ASW #292
23 Jul 2024
Contributed by Lukas
Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to va...
Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291
16 Jul 2024
Contributed by Lukas
How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to ...
State Of Application Security 2024 - Sandy Carielli, Janet Worthington - ASW #290
09 Jul 2024
Contributed by Lukas
Sandy Carielli and Janet Worthington, authors of the State Of Application Security 2024 report, join us to discuss their findings on trends this year!...
OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289
25 Jun 2024
Contributed by Lukas
OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade o...
Learning eBPF - Liz Rice - ASW Vault
18 Jun 2024
Contributed by Lukas
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 4, 2023. Following on...
Microsoft Recall's Security & Privacy, Hacking Web APIs, Secure Design Pledge - ASW #288
11 Jun 2024
Contributed by Lukas
Looking at use cases and abuse cases of Microsoft's Recall feature, examples of hacking web APIs, CISA's secure design pledge, what we look for in CVE...
Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils - Idan Plotnik, Luis Villa, Erez Hasson - ASW #287
04 Jun 2024
Contributed by Lukas
Open source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies t...
Securing Shadow Apps & Protecting Data - Guy Guzner, Pranava Adduri - ASW Vault
28 May 2024
Contributed by Lukas
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern ente...
Collecting Bounties and Building Communities - Ben Sadeghipour - ASW Vault
28 May 2024
Contributed by Lukas
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 18, 2023. We talk wit...
Node.js Secure Coding - Oliver Tavakoli, Chris Thomas, Liran Tal - ASW #286
21 May 2024
Contributed by Lukas
Secure coding education should be more than a list of issues or repeating generic advice. Liran Tal explains his approach to teaching developers throu...
Inside the OWASP Top 10 for LLM Applications - Sandy Dunn, Mike Fey, Josh Lemos - ASW #285
14 May 2024
Contributed by Lukas
Everyone is interested in generative AIs and LLMs, and everyone is looking for use cases and apps to apply them to. Just as the early days of the web ...
AI & Hype & Security (Oh My!) & Hacking AI Bias - Caleb Sima, Keith Hoodlet - ASW #284
07 May 2024
Contributed by Lukas
A lot of AI security has nothing to do with AI -- things like data privacy, access controls, and identity are concerns for any new software and in man...
Why Companies Continue to Struggle with Supply Chain Security - Melinda Marks - ASW #283
30 Apr 2024
Contributed by Lukas
Companies deploy tools (usually lots of tools) to address different threats to supply chain security. Melinda Marks shares some of the chaos those com...
Sustainable Funding of Open Source Tools - Mark Curphey, Simon Bennetts - ASW #282
23 Apr 2024
Contributed by Lukas
How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts tal...
Demystifying Security Engineering Career Tracks - Karan Dwivedi - ASW #281
15 Apr 2024
Contributed by Lukas
There are as many paths into infosec as there are disciplines within infosec to specialize in. Karan Dwivedi talks about the recent book he and co-aut...
Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280
09 Apr 2024
Contributed by Lukas
We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly use...
Infosec Myths, Mistakes, and Misconceptions - Adrian Sanabria - ASW #279
02 Apr 2024
Contributed by Lukas
Sometimes infosec problems can be summarized succinctly, like "patching is hard". Sometimes a succinct summary sounds convincing, but is based on old ...
Successful Security Needs a Streamlined UX - Benedek Gagyi - ASW #278
26 Mar 2024
Contributed by Lukas
One of the biggest failures in appsec is an attitude that blames users for security problems. A lot of processes and workflows break down because of a...