Application Security Weekly Subscribe

Application security, DevSecOps, Security Architecture

All the News — Just Six Months Later – ASW #265

December 4, 2023

We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vuln class, and sometimes it's a topic we hope doesn't become a trend.

So, what themes have we seen and where do we see them going? Here are a few headline topics that have alternately generated yays and yawns.

CISA's Secure by Design and Secure by Default
CVSS 4.0
Generative AI
MFA mandates
Microsoft, Rust, and Memory Safety
New TLDs
OAuth
OpenSSF and OWASP

Full episode and show notes

Hosts

Tech Lead at Block

Senior Engineering Leader at AWS

Related

Application security

AI fixes everything, C++ the actual worst, IAM is hard – ASW #308

November 18, 2024

This week, in the Application Security News, we dismiss magical thinking and discuss what generative AI will actually be able to do for us. We also discuss whether Secure by Design's goals are practical or not. OSC&R releases a report on software supply chain that should be interesting, though neither of us had time to read it yet. Also, Wat...

Vulnerability Management

Struwwelpeter, Krampus, Flutter, Apple, DLink, C++, Josh Marpet and more… – SWN #430

November 12, 2024

Struwwelpeter, Krampus, Flutter, Apple, DLink, C++, Josh Marpet and more on the Security Weekly News.

Application security

Typosquatting NPM, vulnerability analysis, and AI challenges – ASW #307

November 11, 2024

This week, in the Application Security News, we spend a lot of time on some recent vulnerabilities. We take this opportunity to talk about how to determine whether or not a vulnerability is worth a critical response. Can AI fully automate DevSecOps Governance? Adrian has his reservations, but JLK is bullish. Is it bad that 70% of DevSecOps profe...