December closed out another year of Application Security Weekly. Thank you to everyone who’s listened! We have more news, more guests, and more fun intros coming in 2024.
John Kinsella keeps a list of news articles and topics to revisit six months later, and the end of 2023 seemed like the right time to check that list out. We reviewed several articles from the past year to see if they elicited a yay or a yawn. Not surprisingly, LLMs were pretty common, followed by memory safety and projects adopting Rust.
We dipped into documentation in a conversation with Heather Flanagan about RFCs. She has deep experience with various standards processes and shared her insights on how standards come about, security considerations, and how standards try to avoid ambiguity. Even if you’re not usually reading RFCs (they’re not all dry and boring!), there are lessons here for all sorts of documentation related to software. Check out the show notes for some of our favorite RFCs.
On our last recorded show of the year Idit Levine talked about making service meshes work for people – primarily as a means to increase observability for SREs, developers, and appsec teams. We talked about when and why organizations move from monorepos to service meshes, as well as when a monorepo should remain a monorepo.
Since there was one more Monday in December, we squeezed in an episode from the vault. In June 2021 Seba Deleersnyder joined us to talk about the OWASP Software Assurance Maturity Model. It can be especially useful to small orgs and orgs trying to figure out a roadmap for building secure software.