
OWASP Top 10, Vibe Coding, and What Developers Miss w/ Tanya Janca

Published 22 Apr 2026

Duration: 00:38:13

Gaps in cybersecurity education, persistent vulnerabilities like SQL injection, OWASP data limitations, evolving supply chain risks, high training costs, AI's contextual challenges, and the need for secure-by-design principles and collaboration highlight systemic challenges in addressing evolving cyber threats.

Episode Description

Tanya Janca joins the podcast for a sharp, no-nonsense conversation on the OWASP Top 10, why secure coding still gets skipped, and how AI is reshaping...

Overview

The podcast explores critical challenges in cybersecurity education and practice, emphasizing a lack of formal training in concepts like access control, which leaves developers unprepared for real-world threats. Despite collaborative efforts like the OWASP Top 10 project, which identifies the top web application risks, gaps in breach reporting and persistent issues such as broken access control highlight ongoing struggles to address foundational security principles. Industry-wide, repetitive vulnerabilities like SQL injection and other injection flaws persist due to inadequate education, outdated tools, and a developer focus on feature-building over early security integration. Efforts to democratize training, such as community programs and open resources, aim to overcome cost barriers and improve awareness, though challenges remain in making security education accessible and effective.

AI's emerging role in security is both promising and complex. While AI can reduce vulnerabilities in code generation and prompt secure practices, its effectiveness is limited by contextual understanding and reliance on human review. Persistent debates around supply chain vulnerabilities underscore the need for systemic solutions beyond third-party dependencies, especially in high-stakes areas like medical devices, where low-level languages introduce memory safety risks. Behavioral economics and nudges, such as default settings and choice architecture, are proposed to encourage secure coding without coercion. Additionally, the discussion emphasizes shifting from reactive security tools to proactive "security by design," layered defenses, and fostering collaboration between developers and security teams through community engagement and shared knowledge.

The evolving landscape also raises questions about the future of security roles amid AI advancements. While automation may streamline tasks like penetration testing, it risks displacing entry-level positions, pushing the field toward specialized expertise in creative problem-solving and ethical oversight. Persistent challenges include balancing automation with human judgment, ensuring AI-driven tools maintain accuracy, and addressing systemic gaps in risk prioritization and training quality. The conversation culminates in calls for integrated security practices, pragmatic risk management, and the reimagining of security education to meet the demands of an AI-driven era while preserving the critical role of human insight and accountability.

Recent Episodes of The Secure Disclosure

15 Apr 2026 The Future of Hacking is Agentic w/ Jason Haddix

Recommended: Security Testing will change, and might change quicker than this episode suggests. Keep Security Top of Mind during Development.

AI transforms security with automated penetration testing and threat detection, but requires human oversight to mitigate risks like prompt injection, ensure ethical use, and balance AI efficiency with creative problem-solving in an evolving threat landscape.

2 Apr 2026 Bugcrowd Founder Casey Ellis: AI Slop, and the Future of Hacking

Ethical hacking evolved from underground communities to enterprise-driven security frameworks, addressing stigma and legacy systems, AI's dual role in threat detection and synthetic risks, and the need for secure-by-design practices, hybrid human-AI strategies, and managing supply chain vulnerabilities amid evolving cyber threats.

25 Mar 2026 Are Humans the Weakest Link in Security? w/ Sean Juroviesky

Securing organizations requires aligning human-centric workflows and communication with embedded, frictionless security practices, addressing human error through behavior monitoring and training, managing shadow IT/AI via collaboration and inventory, balancing usability with targeted access controls, and fostering proactive security culture through education and storytelling rather than enforcement.

17 Mar 2026 AI Agents Must Have Identity & Access Control w/ Johannes Keienburg

Autonomous AI agents, with transformative productivity potential, pose significant security, accountability, and governance challenges requiring dynamic access controls, human oversight, and industry-wide standards to ensure safe and regulated integration.
