Software Security for Developers Laur Spilca & Thomas Vitale

Published 14 Apr 2026

Duration: 00:30:06

Developers struggle to understand software security concepts such as cryptography and encryption; the episode advocates simplified education, reuse of existing protocols, avoiding the pitfalls of AI-generated code, and the practical principles set out in the book *Software Security for Developers*.

Episode Description

This interview was recorded for the GOTO Book Club. http://gotopia.tech/bookclub Check out more here: https://gotopia.tech/episodes/428 Laurentiu Spil...

Overview

The podcast episode focuses on improving developer security education by addressing common misconceptions and challenges. A central theme is making security concepts accessible to all developers, emphasizing simplicity and practical application over complex mathematics. The discussion highlights how developers often overlook security in favor of functional features due to its perceived difficulty, and how entry-level developers may avoid security topics due to a lack of beginner-friendly resources. The book Software Security for Developers aims to bridge this gap by simplifying core concepts like cryptography, encryption, and hashing, using Java and Spring examples while underscoring universal principles applicable to all languages. It stresses the importance of understanding security protocols and tools (e.g., distinguishing encryption from hashing) to make informed implementation choices.

Common pitfalls include confusion between encoding (e.g., Base64), encryption, and hashing, as well as misuse of standards like OAuth 2.0, JWT, and SAML. The episode underscores the risks of reinventing security protocols rather than leveraging established libraries (e.g., Spring Security) and highlights the dangers of custom implementations, which can introduce vulnerabilities due to misunderstandings of specifications. Additionally, the discussion touches on the role of AI in development, noting that while tools like code generators can enhance productivity, they risk producing insecure code if developers lack foundational security knowledge. The importance of understanding data formats, token structures, and certificate management (e.g., public/private keys, trust chains) is emphasized to prevent severe production issues.
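The encoding/encryption/hashing confusion mentioned above, shown side by side as an added example (written for this page, not code from the book or the interview): Base64 round-trips with no key at all, SHA-256 cannot be reversed, and AES-GCM is reversible only with the key and rejects any tampered ciphertext. The book's own examples use Java and Spring, but the distinction is language-independent, so Go's standard library is used here; the key in any caller is assumed to come from a real key store.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
)

// Encode/Decode are Base64: keyless and reversible. Anyone holding the output
// can recover the input, so encoding gives no confidentiality at all.
func Encode(plain []byte) string { return base64.StdEncoding.EncodeToString(plain) }
func Decode(encoded string) ([]byte, error) { return base64.StdEncoding.DecodeString(encoded) }

// Hash is SHA-256: keyless, deterministic and one-way; the input cannot be recovered.
func Hash(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// NewAEAD turns a 16-, 24- or 32-byte secret key into an AES-GCM cipher.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is reversible only with the key. A fresh random nonce is prepended, so
// repeats encrypt differently, and the GCM tag lets Decrypt reject tampering.
func Encrypt(gcm cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt splits off the nonce and authenticates before returning plaintext.
func Decrypt(gcm cipher.AEAD, ciphertext []byte) ([]byte, error) {
	ns := gcm.NonceSize()
	if len(ciphertext) < ns {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	return gcm.Open(nil, ciphertext[:ns], ciphertext[ns:], nil)
}
```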

The book is currently in early access, with updates planned based on reader feedback. It addresses the need for developers to critically evaluate AI-generated code, ensuring security compliance and avoiding over-reliance on automation. Overall, the episode advocates for structured security education, the use of standardized protocols, and clear terminology to empower developers of all skill levels to build secure systems without unnecessary complexity.
