Developers ignore security issues. But can we really blame them? After all, security folks bombard them with an endless stream of issues that need to be addressed with no way for them to separate what’s actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before. It makes sense why developers view security as something that just gets in their way and slows them down. To make application security easy, we must make it developer-first. This is the future of AppSec. In the AppSec News: Okta breach, fuzzing Rust find ReDos, SQL injection and the age of code, Log4j numbers paint a not-pretty picture.

 

Show Notes: https://securityweekly.com/asw190

Segment Resources:

- https://techbeacon.com/devops/5-steps-building-developer-first-application-security-program

- https://www.forbes.com/sites/forbestechcouncil/2022/02/14/what-organizations-get-wrong-about-developer-first-application-security/?sh=1dad6eb58e7c

- https://www.tromzo.com/state-of-modern-application-security

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly