• CSCP S4EP13 - Josh Goldberg - Crafting Secure Applications in the Age of AI with Josh Goldberg

  • Apr 7 2024
  • Length: 38 mins
  • Podcast

CSCP S4EP13 - Josh Goldberg - Crafting Secure Applications in the Age of AI with Josh Goldberg

  • Summary

  • A dev perspective on application security: Dive deep into the pivotal nexus of cybersecurity, application security, and software development in our latest podcast episode featuring Josh Goldberg, a renowned figure in the TypeScript ecosystem. This episode sheds light on the evolving realm of secure coding practices, acknowledging the progress achieved while recognizing the challenges that lie ahead. Join us as we unravel the nuanced role of artificial intelligence in software development, moving beyond the hype to establish grounded expectations for this sophisticated tool. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence. Our discussion ventures into the dynamic landscape of the tech job market, sparking a thought-provoking debate on the value of junior versus senior developers in building a resilient digital future. We also underscore the critical role of checklists in enhancing product development, inspired by insights from "The Checklist Manifesto." By integrating accessibility audits and security consultations, we reveal how checklists can transform development processes, ensuring products are secure and accessible from the start. The conversation extends to the cutting-edge application of AI in threat modeling, highlighting the importance of strategic objectives that place security and accessibility at the forefront. We further explore the essential art of communication within organizations and its pivotal role in seamless security integration. This dialogue emphasizes the significance of leadership in cultivating an environment where trust and verification coalesce, promoting a culture of thorough security checks and balances. As we dissect the concept of Service Level Agreements (SLAs), our discussion illuminates their dual function as both security mechanisms and corporate assurances, advocating for the early adoption of security measures in business strategies. Experience firsthand how security features, like multi-factor authentication, can serve not just as protective measures but as compelling marketing and product differentiators. Don't miss this enriching conversation that bridges the gap between cybersecurity practices and software development, offering invaluable insights for professionals navigating the intricate landscape of tech innovation. Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity. 00:02: Introduction and sponsorship message from Phoenix Security Limited.00:53: Welcoming Josh Goldberg, an open source advocate in the TypeScript ecosystem, to the podcast.01:37: Josh shares his journey into enhancing software quality and security through open-source contributions.02:01: Analyzing the current landscape of application security and the ongoing challenges for developers.03:20: The potential of artificial intelligence in revolutionizing secure code practices and its limitations.04:28: Addressing the scarcity of developer resources and the impact on application security.07:21: Strategies for integrating essential security practices into development teams with constrained resources.10:13: Emphasizing the importance of establishing measurable success metrics in secure software development.13:02: The imperative of fostering effective communication between security and development teams for a robust security posture.18:08: Discussing the evolution of security tools and the significance of early integration in the development process (Shift Left).21:32: The role of risk management in aligning business objectives with security imperatives.25:04: Expressing optimism for the future of tech with advancements in tools and platforms facilitating better security integration.32:35: Josh's parting thoughts on leveraging ESLint plugins for vulnerability detection and the hopeful reduction of common security flaws.36:00: Conclusion of the conversation with a focus on the collective progress in cybersecurity and application development.38:10: Final words from Francesco Cipollone, encouraging listeners to engage with security within their development practices. Josh Goldberg Hi, I’m Josh! I’m an independent full time open source developer. I work on projects in the TypeScript ecosystem, most notably typescript-eslint: the tooling that enables ESLint and Prettier to run on TypeScript code. I’m also the author of the O’Reilly Learning TypeScript book, a Microsoft MVP for developer technologies, and an active conference speaker. My personal projects range from static analysis to meta-languages to recreating retro games in the browser. Also cats. Connect with Josh [bsky / GitHub / Mastodon / Twitter / Twitch / www] ...
    Show More Show Less

What listeners say about CSCP S4EP13 - Josh Goldberg - Crafting Secure Applications in the Age of AI with Josh Goldberg

Average Customer Ratings

Reviews - Please select the tabs below to change the source of reviews.

In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.