Ben Popper chats with Keith Babo, Head of Product at Solo.io, about how the API security landscape is changing in the era of GenAI. They talk through the role of governance in AI, the importance of data protection, and the role API gateways play in enhancing security and functionality. Keith shares his insights on retrieval-augmented generation (RAG) systems, protecting PII, and the necessity of human-in-the-loop AI development.
Josh Zhang, a staff site reliability engineer at Stack Overflow, tells Ryan and Eira how the Stack Exchange network defends against scraping bots. They also cover the emergence of human botnets, why DDoS attacks have spiked in the last couple of years, and the constant balancing act of protecting sites from attack without inhibiting legitimate users.
On this episode: The FTC bans most noncompete agreements, the implications of the TikTok “ban,” why a 2017 law is hitting startups with huge tax bills seven years later, and the return of net neutrality. Plus: the wunderkind hacker who ransomed Finland’s anxieties and secrets.
In the wake of the XZ backdoor, Ben and Ryan unpack the security implications of relying on open-source software projects maintained by small teams. They also discuss the open-source nature of Linux, the high cost of education in the US, the value of open-source contributions for job seekers, and what Apple is up to AI-wise.
The home team convenes to discuss the XZ backdoor attack, what great software engineers have in common, how GenAI is changing the face of drug development, and the rise of managed service providers for AI.
Is your preferred programming language a matter of national security?
On this episode: Eitan Worcel, CEO and cofounder of Mobb, a company that uses AI to automate security vulnerability remediation, talks about how AI can help reduce security backlogs and free up developers’ time, what security risks emerge with GenAI, and why we still need a human in the loop.
Ben and Ryan talk about the hacker who exposed a security vulnerability in AI-powered software, security risks of smart devices, symbolic deduction engines in AI, and the programming language that features time travel.
While there’s a lot of dangers out there, it’s not all doom and gloom; we also talk about how to mitigate these threats.
This is part two of our conversation with Kubernetes project cofounder Craig McLuckie, whose new company helps developers build safer software by validating where code came from and that it’s been properly maintained.
Ben and Ryan chat with Craig McLuckie, co-founder of the Kubernetes project and cofounder/CEO of Stacklok, which helps developers and open-source communities build safer, more secure software.
The home team chats with Alex Bovee, cofounder and CEO of identity access management company ConductorOne, about balancing security and productivity in developer workflows, why tech companies have shifted everything left, and the logic behind zero trust.
This affects the individual developer writing insecure code, the engineering team blindly trusting their dependencies, and the organization thinking that their best bet is to roll their own security controls.
Your ML model and AI-as-a-service apps might open new attack surfaces. Here's how to mitigate them.
OAuth2 is one of the most popular specifications for API authentication today, though wrapping your head around it can be a challenge.
Dynamic application security testing (DAST) can help catch security flaws in your code. And it can do it automatically in your build process.
On this home team episode of the podcast, Ben, Cassidy, and Matt talk about small computers, big nostalgia, and security flaws that you could script a truck through.
When the bots came for us, we strengthened our defenses. Here's what we learned about parrying a few DDoS attacks.
Security needs to move from an afterthought to a primary concern in software development. Here's what shifting left looks like for real-world developers.
The home team discusses pay equity at New Relic, Okta’s security SNAFU, and the AI creating “wildly good” generative art.
When the Log4j security issue was disclosed, developers came looking for answers. We took a look at our site data around it.
Are your TikTok confessions GDPR-compliant?
For this edition of Stack Overflow Knows, we did a deep dive into cybersecurity topics across Stack Overflow and Stack Exchange sites to spotlight trends and reflect on how conversations are evolving within the developer and technical community.
Magic links get you in the door safer than passwords.
