Sign up to save your podcasts
Or
Share S4E7:Jeff Williams - DevSecOps and Application Security (AppSec)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
S4E7:Jeff Williams - DevSecOps and Application Security (AppSec)
Nikki: I have to start with an article you wrote a couple of years ago, about how we explain and provide context around vulnerabilities. I love the analogy of a 'vulnerability recipe' and how we can step through an explanation of vulnerabilities. Can you talk a little bit about the process and what compelled you to explore this topic?
Nikki: I saw you spoke to Ron Ross recently, we had him on the show last year talking about cyber resiliency and of course software supply chain. Can you talk a little bit about security assurance and what that means to both developers and security practitioners?
Chris: You've been a leader in the AppSec space for some time, particularly focusing on capabilities and tooling such as IAST. For folks not familiar with IAST, can you explain what it is and the value it adds over say SAST and DAST?
Chris: I know you and I have exchanged messages and comments about Software Supply Chain Security and SBOM. What are your thoughts about where were headed on this front as an industry?
Chris: With the release of the National Cyber Strategy yesterday I of course have to ask your initial thoughts. First more broadly, about the overall sentiment of the strategy and also about specific areas, such as increased requirements on software vendors and technology providers to produce secure products and the potential for increased liability.
Nikki: It looks like you had a pretty lengthy time with OWASP - can you talk about some of the work you did there and the work that OWASP does? I think people typically equate OWASP with the OWASP top ten, but there are so many free resources and tools available for developers and security professionals.
Chris: Given your past involvement of a decade with OWASP in its early growth, any thoughts on the recent open letter we saw sent to the OWASP leadership?
Nikki: Can you talk a little bit more about Contrast security and the type of work you all do? Would like to hear more about what the company has going on and anything else you may have coming up.
Chris: Continuing on with Contrast, I am interested in the founders journey a bit. Contrast has been around for nearly a decade and is now up to several hundreds of employees. What has that journey been like and what are some of the major ways the industry has, or hasn't changed during that time?
View all episodes
By Chris Hughes
4.9
1515 ratings
Nikki: I have to start with an article you wrote a couple of years ago, about how we explain and provide context around vulnerabilities. I love the analogy of a 'vulnerability recipe' and how we can step through an explanation of vulnerabilities. Can you talk a little bit about the process and what compelled you to explore this topic?
Nikki: I saw you spoke to Ron Ross recently, we had him on the show last year talking about cyber resiliency and of course software supply chain. Can you talk a little bit about security assurance and what that means to both developers and security practitioners?
Chris: You've been a leader in the AppSec space for some time, particularly focusing on capabilities and tooling such as IAST. For folks not familiar with IAST, can you explain what it is and the value it adds over say SAST and DAST?
Chris: I know you and I have exchanged messages and comments about Software Supply Chain Security and SBOM. What are your thoughts about where were headed on this front as an industry?
Chris: With the release of the National Cyber Strategy yesterday I of course have to ask your initial thoughts. First more broadly, about the overall sentiment of the strategy and also about specific areas, such as increased requirements on software vendors and technology providers to produce secure products and the potential for increased liability.
Nikki: It looks like you had a pretty lengthy time with OWASP - can you talk about some of the work you did there and the work that OWASP does? I think people typically equate OWASP with the OWASP top ten, but there are so many free resources and tools available for developers and security professionals.
Chris: Given your past involvement of a decade with OWASP in its early growth, any thoughts on the recent open letter we saw sent to the OWASP leadership?
Nikki: Can you talk a little bit more about Contrast security and the type of work you all do? Would like to hear more about what the company has going on and anything else you may have coming up.
Chris: Continuing on with Contrast, I am interested in the founders journey a bit. Contrast has been around for nearly a decade and is now up to several hundreds of employees. What has that journey been like and what are some of the major ways the industry has, or hasn't changed during that time?
More shows like Resilient Cyber
View all
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
627 Listeners
The Cloudcast
152 Listeners
CyberWire Daily
1,003 Listeners
AWS Podcast
203 Listeners
Darknet Diaries
7,876 Listeners
Cybersecurity Today
168 Listeners
CISO Series Podcast
187 Listeners
Cloud Security Podcast
57 Listeners
Cyber Security Headlines
129 Listeners
CISO Tradecraft®
48 Listeners
The Ezra Klein Show
15,313 Listeners
Risky Bulletin
33 Listeners
No Priors: Artificial Intelligence | Technology | Startups
123 Listeners
AI Security Podcast
4 Listeners
Threat Vector by Palo Alto Networks
34 Listeners