The home team is joined by Kinnaird McQuaid, founder and CTO of NightVision, which offers developer-friendly API and web app security testing. Kinnaird talks about his path from school-age hacker to white-hat security expert, why it’s important to build security practices into the software development lifecycle, how GenAI is changing security testing, and what security teams need to understand about developers’ working lives.

Eira May

Ben Popper chats with Keith Babo, Head of Product at Solo.io, about how the API security landscape is changing in the era of GenAI. They talk through the role of governance in AI, the importance of data protection, and the role API gateways play in enhancing security and functionality. Keith shares his insights on retrieval-augmented generation (RAG) systems, protecting PII, and the necessity of human-in-the-loop AI development.

Eira May

Josh Zhang, a staff site reliability engineer at Stack Overflow, tells Ryan and Eira how the Stack Exchange network defends against scraping bots. They also cover the emergence of human botnets, why DDoS attacks have spiked in the last couple of years, and the constant balancing act of protecting sites from attack without inhibiting legitimate users.

Eira May

On this episode: The FTC bans most noncompete agreements, the implications of the TikTok “ban,” why a 2017 law is hitting startups with huge tax bills seven years later, and the return of net neutrality. Plus: the wunderkind hacker who ransomed Finland’s anxieties and secrets.

Eira May

In the wake of the XZ backdoor, Ben and Ryan unpack the security implications of relying on open-source software projects maintained by small teams. They also discuss the open-source nature of Linux, the high cost of education in the US, the value of open-source contributions for job seekers, and what Apple is up to AI-wise.

Eira May

The home team convenes to discuss the XZ backdoor attack, what great software engineers have in common, how GenAI is changing the face of drug development, and the rise of managed service providers for AI.

Eira May

Is your preferred programming language a matter of national security?

Ryan Donovan

On this episode: Eitan Worcel, CEO and cofounder of Mobb, a company that uses AI to automate security vulnerability remediation, talks about how AI can help reduce security backlogs and free up developers’ time, what security risks emerge with GenAI, and why we still need a human in the loop.

Eira May

Ben and Ryan talk about the hacker who exposed a security vulnerability in AI-powered software, security risks of smart devices, symbolic deduction engines in AI, and the programming language that features time travel.

Eira May

While there’s a lot of dangers out there, it’s not all doom and gloom; we also talk about how to mitigate these threats.

Ryan Donovan

This is part two of our conversation with Kubernetes project cofounder Craig McLuckie, whose new company helps developers build safer software by validating where code came from and that it’s been properly maintained.

Eira May

Ben and Ryan chat with Craig McLuckie, co-founder of the Kubernetes project and cofounder/CEO of Stacklok, which helps developers and open-source communities build safer, more secure software.

Eira May

The home team chats with Alex Bovee, cofounder and CEO of identity access management company ConductorOne, about balancing security and productivity in developer workflows, why tech companies have shifted everything left, and the logic behind zero trust.

Eira May

This affects the individual developer writing insecure code, the engineering team blindly trusting their dependencies, and the organization thinking that their best bet is to roll their own security controls.

Tanya Janca

Your ML model and AI-as-a-service apps might open new attack surfaces. Here's how to mitigate them.

Taimur Ijlal

OAuth2 is one of the most popular specifications for API authentication today, though wrapping your head around it can be a challenge.

Dan Moore

Dynamic application security testing (DAST) can help catch security flaws in your code. And it can do it automatically in your build process.

Tanya Janca

On this home team episode of the podcast, Ben, Cassidy, and Matt talk about small computers, big nostalgia, and security flaws that you could script a truck through. 

Ryan Donovan

When the bots came for us, we strengthened our defenses. Here's what we learned about parrying a few DDoS attacks.

Josh Zhang

Security needs to move from an afterthought to a primary concern in software development. Here's what shifting left looks like for real-world developers.

Michael Chenetz

The home team discusses pay equity at New Relic, Okta’s security SNAFU, and the AI creating “wildly good” generative art.

Eira May

When the Log4j security issue was disclosed, developers came looking for answers. We took a look at our site data around it.

David Gibson

Are your TikTok confessions GDPR-compliant?

Eira May

For this edition of Stack Overflow Knows, we did a deep dive into cybersecurity topics across Stack Overflow and Stack Exchange sites to spotlight trends and reflect on how conversations are evolving within the developer and technical community.

David Gibson