CISA's Secure by Design Principles, Pledge, and Progress - Jack Cable - ASW #321
11 March - 1 hour 13 minsJust three months into 2025 and we already have several hundred CVEs for XSS and SQL injection. Appsec has known about these vulns since the late 90s. Common defenses have been known since the early 2000s. Jack Cable talks about CISA's Secure by Design principles and how they're trying to refocus businesses on addressing vuln classes and prioritizing software quality -- with security one of those important dimensions of quality.
Segment Resources:
https://www.cisa.gov/securebydesign https://www.cisa.gov/securebydesign/pledge https://www.cisa.gov/resources-tools/resources/product-security-bad-practices https://www.lawfaremedia.org/projects-series/reviews-essays/security-by-design https...
Series Episodes
Board Priority But Lack of Access & CISO Pressure, 360 Privacy and Pentera Interviews - Chuck Randolph, Tom Pore - BSW #413
1 hour 10 mins
17 September Finished
AI Nuns, Steganography, You're fired, VoidProxy, C++, Carplay Apriso, Josh Marpet... - SWN #512
34 mins
16 September Finished
How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348
1 hour 8 mins
16 September Finished
Forrester's AEGIS Framework, the weekly news, and interviews with Fortra and Island - Jeff Pollard, Rohit Dhamankar, Michael Leland - ESW #424
1 hour 40 mins
15 September Finished
Diella, Texas, Movie Rip Offs, WAF, AdaptixC2, Nano11, and More... - SWN #511
33 mins
12 September Finished
