In Search of Secure Design - ASW #325
Apr 08, 2025•1 hr 8 min
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
We have a top ten list entry for Insecure Design, pledges to CISA's Secure by Design principles, and tons of CVEs that fall into familiar categories of flaws. But what does it mean to have a secure design and how do we get there? There are plenty of secure practices that orgs should implement are supply chains, authentication, and the SDLC. Those practices address important areas of risk, but only indirectly influence a secure design. We look at tactics from coding styles to design councils as we search for guidance that makes software more secure.
Segment resources
- https://owasp.org/Top10/A042021-InsecureDesign/
- https://www.cisa.gov/securebydesign/pledge
- https://www.cisa.gov/securebydesign
- https://kccnceu2025.sched.com/event/1xBJR/keynote-rust-in-the-linux-kernel-a-new-era-for-cloud-native-performance-and-security-greg-kroah-hartman-linux-kernel-maintainer-fellow-the-linux-foundation
- https://newsletter.pragmaticengineer.com/p/how-linux-is-built-with-greg-kroah
- https://daniel.haxx.se/blog/2025/04/07/writing-c-for-curl/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-325
For the best experience, listen in Metacast app for iOS or Android
Open in Metacast