October Is Almost Here
Hello Protocols, Packets, and Programs,
October is almost here, when we get to tell the scariest stories, read the most horrifying code, and try to survive yet another powerpoint presentation on cybersecurity awareness.
October is the time of cybersecurity awareness. It’s good to have an explicit call to attention for security topics, but it’s terrible when that call to attention is squandered on boring, static presentations or empty recital of top 10 lists or warnings to “Don’t click that link.”
Links are designed to be clicked. If your security awareness and security models rely on some sort of manual scrutiny to distinguish a “good” link from a “bad” one, then you’re two decades behind modern appsec and you’re wasting your audience’s time.
Appsec checklists and standards always include “Secure Coding” or, worse, just declare, “Write secure code.” But where do developers learn about fundamentals of secure coding or what secure code even looks like?
Janet Worthington joined us in the interview segment to talk about how universities cover infosec topics and what the industry can do to improve that education. She returned later in episode 258 to talk about DevSecOps and focusing security efforts on design instead of vulns.