Episode 164: Secure by Design in Software Development
Dec 03, 2025•45 min•Ep. 164
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
In Episode 164 of Cybersecurity Where You Are, Tony Sager sits down with Curt Dukes, EVP and General Manager of Security Best Practices at the Center for Internet Security® (CIS®), and Steve Lipner, Executive Director of SAFECode.org. Together, they explore the evolution of secure software development and why secure by design is critical for reducing risk in today’s complex environments.
Here are some highlights from our episode:
- 01:08. Introductions to Curt and Steve
- 04.01. The historical challenge of implementation errors in software security
- 08:41. The emergence of secure by design and the need to measure against specified criteria
- 14:39. The value of artifacts as evidence of secure software development
- 28:52: How the CIS Critical Security Controls® (CIS Controls®) support secure software
- 39:59. The use of community projects to address challenges like secure by design
Resources
- Secure by Design: A Guide to Assessing Software Security Practices
- How Secure by Design Helps Developers Build Secure Software
- CIS, SAFECode Launch Secure by Design Guide to Help Developers Meet National Software Security Expectations
- Episode 107: Continuous Improvement via Secure by Design
- Secure by Design
- Secure Software Development Framework
- Episode 63: Building Capability and Integration with SBOMs
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
For the best experience, listen in Metacast app for iOS or Android