ASW Recap for January 2026
• Mike Shema

It’s a new year, which means more new intros, more discussions about the principles of secure design, and more coverage of how LLMs are changing what appsec means.
The Upsides and Downsides of LLM-Generated Code (ep. 364)
Developers are adding LLMs and agents to their code creation toolboxes, using them to assist with writing and reviewing code. Chris Wysopal talks about the security downsides of relying on LLMs and how appsec needs to adapt to dealing with a faster pace and higher volume of code to review.
Secure By Design Is Better Than Secure By Myth (ep. 365)
Not all infosec advice is helpful. Bad advice wastes time, makes people less secure, and takes focus away from making software more secure. Bob Lord talks about his efforts to tamp down hacklore — the security myths and mistakes that crop up in news stories and advice to users.
He talks about how these myths come about, why they’re harmful, and how they’re related to the necessity of building software that’s secure by design. Find out more about his efforts at Stop Hacklore!
The Week's Appsec News (ep. 366)
MongoBleed and a recent OWASP CRS bypass show how parsing problems remain a source of security flaws regardless of programming language. We talk with Kalyani Pawar about how these problems rank against the Top 25 CWEs for 2025 and what it means for relying on LLMs to generate code.
Supply Chain Security (ep. 367)
Supply chain security remains one of the biggest time sinks for appsec teams and developers, even making it onto the latest iteration of the OWASP Top 10 list. Paul Davis shares strategies to proactively defend your environment from the types of attacks that target supply chains and package dependencies.
We also discuss how to gain time back by being smarter about how to manage packages and where the responsibility for managing the security of packages should be.
Subscribe to catch these episodes and more!