The Secure Developer

Securing And Defending Like Brazilian Jiu-Jitsu With Jeremiah Grossman


Listen Later

Episode Summary

Join Jeremiah Grossman, application security pioneer and former CEO of WhiteHat Security, as he reflects on decades of innovation in the industry, from the early days of OWASP to today’s AI-driven development landscape. Explore critical discussions about the escalating costs of security, aligning developer incentives, and the future challenges posed by AI-generated vulnerabilities. Packed with insights, this episode dives deep into the strategies and frameworks shaping the way we build and secure modern software.

Show Notes

In this episode of The Secure Developer, we sit down with Jeremiah Grossman, a pioneer in application security and former CEO of WhiteHat Security. Jeremiah shares fascinating insights from his decades of experience shaping the security landscape, including the origins of the OWASP project and his role in raising awareness about critical vulnerabilities like SQL injection and cross-site scripting.

The conversation delves into how the industry has evolved over the past two decades, from the early days when nearly every application was riddled with vulnerabilities to today’s more robust frameworks and heightened security awareness. Despite these advancements, Jeremiah and Danny discuss why security spending remains high while organizations continue to struggle with improving their overall security posture.

Key topics include:

  • The misalignment of incentives in software development that prioritizes speed over security.
  • The emerging role of cyber insurance in shaping organizational security practices.
  • The challenges of unknown assets and their contribution to breaches, highlighting the importance of asset inventory and attack surface management.
  • The impact of AI on software development, particularly the risks and opportunities presented by AI-generated code and new attack surfaces.

Jeremiah also shares his thoughts on aligning incentives for secure development, including innovative approaches like developer performance metrics and reward structures for secure coding. The episode concludes with a look at Jeremiah’s current focus on venture capital and fostering innovation in security, as well as his personal passion for Brazilian jiu-jitsu and its parallels with the security industry.

This episode is a deep dive into the critical challenges and opportunities facing modern security professionals, offering actionable insights and thought-provoking discussions for developers, CISOs, and security practitioners alike.

Links

  • OWASP (Open Web Application Security Project)
  • Black Hat
  • Node.js
  • Brave Browser
  • Chromium
  • Cornell Study on AI Code Vulnerabilities
  • Snyk - The Developer Security Company

Follow Us

  • Our Website
  • Our LinkedIn

...more
View all episodesView all episodes
Download on the App Store

The Secure DeveloperBy Snyk

  • 4.7
  • 4.7
  • 4.7
  • 4.7
  • 4.7

4.7

21 ratings


More shows like The Secure Developer

View all
Risky Business by Patrick Gray

Risky Business

361 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

627 Listeners

The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

282 Listeners

The Cloudcast by Massive Studios

The Cloudcast

152 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

363 Listeners

Thoughtworks Technology Podcast by Thoughtworks

Thoughtworks Technology Podcast

42 Listeners

Software Engineering Daily by Software Engineering Daily

Software Engineering Daily

627 Listeners

AWS Podcast by Amazon Web Services

AWS Podcast

203 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

311 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,872 Listeners

Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

Kubernetes Podcast from Google

181 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

187 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

76 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

33 Listeners

The 404 Media Podcast by 404 Media

The 404 Media Podcast

312 Listeners