Elixir Wizards

The State of Security in Elixir with Holden Oullette


In the Elixir Wizards season 15 premiere, host Charles Suggs is joined by Holden Oullette, Senior Security Software Engineer at Netflix and maintainer of Sobelow, to talk about how security is evolving in the Elixir ecosystem.

We discuss how certain features of the Elixir programming language (like functional patterns and server-side rendering) provide natural immunity against some common vulnerabilities, and what that means as the language continues to grow. Holden shares how tools like Sobelow are adapting and how new technologies like LLMs and Elixir's type system may help to strengthen security practices.

We cover supply chain risks, ecosystem-level responsibility and reputation management, and how initiatives like AEGIS are prepping the community for more widespread adoption. We wrap with practical tips for teams to be more security-minded throughout the software development lifecycle without slowing everything down.

Key topics discussed in this episode:
  • How Elixir’s design influences secure-by-default development
  • Security tradeoffs between server-side and client-heavy architecture
  • Supply chain risks and what the ecosystem is doing to prepare
  • Static analysis with tools like Sobelow and AST-based pattern matching
  • Where LLMs fit into modern security workflows
  • The role of Elixir’s upcoming type system in improving tooling
  • Securing CI/CD pipelines and production environments
  • Balancing development speed with security requirements
  • Dependency management and vulnerability monitoring
  • The AEGIS Initiative and ecosystem-wide security efforts
Links mentioned:

    Holden’s GitHub https://github.com/houllette
    Elixir Programming Language https://elixir-lang.org/
    Sobelow: security-focused static analysis for the Phoenix Framework https://github.com/nccgroup/sobelow
    Semgrep: Code Security for Builders https://semgrep.dev/
    Erlang Ecosystem Foundation https://erlef.org/
    Phoenix Framework https://www.phoenixframework.org/
    Phoenix LiveView Socket (WebSockets) https://hexdocs.pm/phoenix_live_view/Phoenix.LiveView.Socket.html
    MDN: WebSockets API https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API
    Open Worldwide Application Security Project (OWASP) https://owasp.org/
    Ecto https://github.com/elixir-ecto/ecto
    Log4j Vulnerability https://www.ncsc.gov.uk/information/log4j-vulnerability-what-everyone-needs-to-know
    React2Shell Vulnerability https://www.finra.org/guidance/guidance/cybersecurity-advisory-react2shell
    The Heartbleed Bug https://www.heartbleed.com/
    Elixir Type System (gradual set-theoretic types) https://hexdocs.pm/elixir/main/gradual-set-theoretic-types.html
    Holden Oullette, “Securing the Future: A Roadmap to Making Elixir the Safest Language,” ElixirConf 2024 https://youtu.be/gpvKxS6sY8Y
    AEGIS Initiative: Supply Chain Security & Compliance Initiative https://security.erlef.org/aegis/
    OIDC Tokens https://openid.net/
    Anthropic’s Claude Mythos & Cybersecurity https://red.anthropic.com/2026/mythos-preview/
    Igniter Code Generation Framework https://github.com/ash-project/igniter
    Elixir Wizards S13E01: Igniter Code Generation with Zach Daniel https://smartlogic.io/podcast/elixir-wizards/s13-e01-igniter-code-generation-zach-daniel/
    Chainguard: secure-by-default open source software https://www.chainguard.dev/
    Docker https://www.docker.com/
    Dependabot https://github.com/dependabot
    AWS API Gateway v2 API reference (models) https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/apis-apiid-models.html
    NixOS https://nixos.org/
    Elixir Wizards S14E08: Nix for Elixir Apps https://smartlogic.io/podcast/elixir-wizards/s14-e08-nix-for-elixir-apps/
    Fedora Project https://fedoraproject.org/
    Kubernetes https://kubernetes.io/
    Netflix Chaos Monkey https://netflix.github.io/chaosmonkey/
    Netflix Tech Blog: Chaos Monkey posts https://netflixtechblog.com/all?topic=chaos-monkey

    Special Guest: Holden Oullette.

    Elixir Wizards, by SmartLogic LLC