In this special episode, Ryan is joined by our Senior VP of Communities, Philippe Beaudette, and the Trust and Safety team at Stack Overflow to discuss maintaining platform integrity and managing user safety, handling complex issues like harassment, and how their team balances transparency and privacy online.
Ryan is joined by Jan Seredynski, Mobile Security Researcher and Pentester at Guardsquare, to talk about how you protect your app when the attackers control the code and the device it runs on.
Avoiding bad data is just as important in AI; it can open you to fines, lawsuits, and lost customers.
Software security expert Tanya Janca, author of Alice and Bob Learn Secure Coding and Staff DevRel at AppSec company Semgrep, joins Ryan to talk about secure coding practices.
Can an org automate security, change its culture to up their dev velocity, and stave off burnout?
Is your preferred programming language a matter of national security?
The home team is joined by Kinnaird McQuaid, founder and CTO of NightVision, which offers developer-friendly API and web app security testing. Kinnaird talks about his path from school-age hacker to white-hat security expert, why it’s important to build security practices into the software development lifecycle, how GenAI is changing security testing, and what security teams need to understand about developers’ working lives.
Ben Popper chats with Keith Babo, Head of Product at Solo.io, about how the API security landscape is changing in the era of GenAI. They talk through the role of governance in AI, the importance of data protection, and the role API gateways play in enhancing security and functionality. Keith shares his insights on retrieval-augmented generation (RAG) systems, protecting PII, and the necessity of human-in-the-loop AI development.
Josh Zhang, a staff site reliability engineer at Stack Overflow, tells Ryan and Eira how the Stack Exchange network defends against scraping bots. They also cover the emergence of human botnets, why DDoS attacks have spiked in the last couple of years, and the constant balancing act of protecting sites from attack without inhibiting legitimate users.
On this episode: The FTC bans most noncompete agreements, the implications of the TikTok “ban,” why a 2017 law is hitting startups with huge tax bills seven years later, and the return of net neutrality. Plus: the wunderkind hacker who ransomed Finland’s anxieties and secrets.
In the wake of the XZ backdoor, Ben and Ryan unpack the security implications of relying on open-source software projects maintained by small teams. They also discuss the open-source nature of Linux, the high cost of education in the US, the value of open-source contributions for job seekers, and what Apple is up to AI-wise.
The home team convenes to discuss the XZ backdoor attack, what great software engineers have in common, how GenAI is changing the face of drug development, and the rise of managed service providers for AI.
On this episode: Eitan Worcel, CEO and cofounder of Mobb, a company that uses AI to automate security vulnerability remediation, talks about how AI can help reduce security backlogs and free up developers’ time, what security risks emerge with GenAI, and why we still need a human in the loop.
Ben and Ryan talk about the hacker who exposed a security vulnerability in AI-powered software, security risks of smart devices, symbolic deduction engines in AI, and the programming language that features time travel.
While there’s a lot of dangers out there, it’s not all doom and gloom; we also talk about how to mitigate these threats.
This is part two of our conversation with Kubernetes project cofounder Craig McLuckie, whose new company helps developers build safer software by validating where code came from and that it’s been properly maintained.
Ben and Ryan chat with Craig McLuckie, co-founder of the Kubernetes project and cofounder/CEO of Stacklok, which helps developers and open-source communities build safer, more secure software.
The home team chats with Alex Bovee, cofounder and CEO of identity access management company ConductorOne, about balancing security and productivity in developer workflows, why tech companies have shifted everything left, and the logic behind zero trust.
This affects the individual developer writing insecure code, the engineering team blindly trusting their dependencies, and the organization thinking that their best bet is to roll their own security controls.
Your ML model and AI-as-a-service apps might open new attack surfaces. Here's how to mitigate them.
OAuth2 is one of the most popular specifications for API authentication today, though wrapping your head around it can be a challenge.
Dynamic application security testing (DAST) can help catch security flaws in your code. And it can do it automatically in your build process.
On this home team episode of the podcast, Ben, Cassidy, and Matt talk about small computers, big nostalgia, and security flaws that you could script a truck through.
When the bots came for us, we strengthened our defenses. Here's what we learned about parrying a few DDoS attacks.
