Security Weekly Podcast Network (Audio)

Figuring Out Where to Start with Secure Code - ASW #358

Nov 25, 2025
Explore the world of secure coding with insights on the OWASP Top 10 and security program strategies. Co-hosts compare the importance of secure by design versus merely passing scanner results. They debate the use of fuzzing and the dangers of homegrown cryptography. Learn about integrating security practices into developer workflows and making security context relevant to user stories. Delve into threat modeling and best practices for embedding security in software development while balancing business needs.
ANECDOTE

Bot-Created Commits Hit Token Limits

  • Mike recounts a developer who had a bot create commits and hit token limits.
  • The story highlights practical pitfalls when relying on unthrottled models for automation.
ADVICE

Automate Fuzzing In Your Pipeline

  • Add fuzzers into CI/CD to catch regressions and maintain security over time.
  • Run long-running fuzz jobs outside the fast CI pipeline to avoid slowing releases.
INSIGHT

Pick What To Fuzz, Not Just The Fuzzer

  • Choosing what to fuzz is often harder than choosing the tool itself.
  • Focus fuzzing on critical paths, not short-lived internal code, to maximize signal.