
CISA's Secure by Design Principles, Pledge, and Progress - Jack Cable - ASW #321
11 March - 1 hour 13 minsJust three months into 2025 and we already have several hundred CVEs for XSS and SQL injection. Appsec has known about these vulns since the late 90s. Common defenses have been known since the early 2000s. Jack Cable talks about CISA's Secure by Design principles and how they're trying to refocus businesses on addressing vuln classes and prioritizing software quality -- with security one of those important dimensions of quality.
Segment Resources:
https://www.cisa.gov/securebydesign https://www.cisa.gov/securebydesign/pledge https://www.cisa.gov/resources-tools/resources/product-security-bad-practices https://www.lawfaremedia.org/projects-series/reviews-essays/security-by-design https...

Existential Dread, MCP, Cloudflare, ESXI, QR Codes, Salt Typhoon, Aaran Leyland... - SWN #495
33 mins
18 July Finished

AI meltdowns, Gigabyte, NCSC, Rowhammer, Gravity Form, Grok, AsyncRat, Josh Marpet... - SWN #494
30 mins
15 July Finished

Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339
1 hour 7 mins
15 July Finished

Monzy Merza, How Much AI is Too Much, and the Weekly News - Monzy Merza - ESW #415
1 hour 43 mins
14 July Finished