Jeremiah Grossman, an application security pioneer and former CEO of WhiteHat Security, shares insights from his extensive career, including his influence on OWASP. The discussion reveals the evolution of web application security, highlighting past vulnerabilities like SQL injection and the complexities of modern compliance. Jeremiah emphasizes the need to align developer incentives with security priorities, while also navigating the emerging challenges posed by AI-generated code. He draws fascinating parallels between Brazilian Jiu-Jitsu and cybersecurity, advocating for continuous learning and collaboration.
36:57
forum Ask episode
web_stories AI Snips
view_agenda Chapters
auto_awesome Transcript
info_circle Episode notes
question_answer ANECDOTE
Early Web Vulnerabilities
Early websites were easily hackable due to prevalent SQL injection and cross-site scripting vulnerabilities.
Frameworks and increased awareness have improved web application security over time.
insights INSIGHT
Framework Reliance
Frameworks help eliminate vulnerabilities like SQL injection and cross-site scripting.
Developers relying on frameworks may lack experience fixing these issues when they arise.
Join Jeremiah Grossman, application security pioneer and former CEO of WhiteHat Security, as he reflects on decades of innovation in the industry, from the early days of OWASP to today’s AI-driven development landscape. Explore critical discussions about the escalating costs of security, aligning developer incentives, and the future challenges posed by AI-generated vulnerabilities. Packed with insights, this episode dives deep into the strategies and frameworks shaping the way we build and secure modern software.
Show Notes
In this episode of The Secure Developer, we sit down with Jeremiah Grossman, a pioneer in application security and former CEO of WhiteHat Security. Jeremiah shares fascinating insights from his decades of experience shaping the security landscape, including the origins of the OWASP project and his role in raising awareness about critical vulnerabilities like SQL injection and cross-site scripting.
The conversation delves into how the industry has evolved over the past two decades, from the early days when nearly every application was riddled with vulnerabilities to today’s more robust frameworks and heightened security awareness. Despite these advancements, Jeremiah and Danny discuss why security spending remains high while organizations continue to struggle with improving their overall security posture.
Key topics include:
The misalignment of incentives in software development that prioritizes speed over security.
The emerging role of cyber insurance in shaping organizational security practices.
The challenges of unknown assets and their contribution to breaches, highlighting the importance of asset inventory and attack surface management.
The impact of AI on software development, particularly the risks and opportunities presented by AI-generated code and new attack surfaces.
Jeremiah also shares his thoughts on aligning incentives for secure development, including innovative approaches like developer performance metrics and reward structures for secure coding. The episode concludes with a look at Jeremiah’s current focus on venture capital and fostering innovation in security, as well as his personal passion for Brazilian jiu-jitsu and its parallels with the security industry.
This episode is a deep dive into the critical challenges and opportunities facing modern security professionals, offering actionable insights and thought-provoking discussions for developers, CISOs, and security practitioners alike.