Hovercrafts and application security in the new year. We revisit last year's predictions on Quantum LLM, SBOMs, and whether DAST tools will make a comeback. With humor and forward-thinking, we explore what the future might hold for application ...

What makes a conference truly valuable? Is it the unexpected connections and serendipitous meetings of minds, or the chance to break free from the "security echo chamber" by exploring diverse conference experiences? We discuss the consideration...

We debate the necessity and efficiency of LLMs in finding code vulnerabilities in a C library compared to traditional static code analyzers and fuzzing techniques. The conversation explores broader topics in application security testing, includ...

We discuss a controversial LinkedIn post claiming "Threat Modeling is Dead." While the STRIDE methodology may need updating, it remains a valuable "gateway" tool for teaching security concepts to developers without security backgrounds. We disc...

A good discussion today covering two different articles, the first covers CISA's list of product security "bad practices", questioning whether it provides real value or is just content marketing. Then the discussion moves onto an article about ...