The Security Ledger Podcasts
The Security Ledger
9 episodes
8 months ago
In this, our 70th episode of The Security Ledger podcast, we speak with Xu Zou of the Internet of Things security startup Zingbox about the challenges of securing medical devices and clinical networks from cyber attack. Also: we take a look at the turmoil that has erupted around the OWASP Top 10, a list of common application security foibles. And finally: open source management vendor Black Duck Software announced that it was being acquired for more than half a billion dollars. We sit down with Black Duck CEO Lou Shipley to talk about the software supply chain and to hear what's next for his company.
Technology
Society & Culture,
News,
Tech News
Episode 260: The Art of Teaching Secure Coding with Tanya Janca
The Security Ledger Podcasts
36 minutes 32 seconds
8 months ago

In this episode of the podcast, host Paul Roberts welcomes Tanya Janca of She Hacks Purple back into the studio. Tanya talks about her newly released book, Alice and Bob Learn Secure Coding (published by Wiley), and the larger problem of how to promote the teaching of secure coding practices to developers.

[Video Podcast] | [MP3] | [Transcript]

In today’s Security Ledger podcast, Paul welcomes the amazing Tanya Janca back to the studio. The founder of She Hacks Purple and the We Hack Purple community, Tanya does secure coding training and developer relations at Semgrep. She’s a passionate advocate for teaching secure development practices and promoting secure application design.

In our conversation, Tanya dives deep into her new book, “Alice and Bob Learn Secure Coding,” a guide to secure coding for everyone from new to experienced developers. We unravel her journey from writing code to becoming a recognized expert in application security and secure software.

Tanya Janca is the founder of She Hacks Purple
Her journey highlights one of the software industry’s quirks: while the path to becoming a developer is straightforward, the paths to doing application security as a profession are seemingly arbitrary. Tanya’s own experiences underscore the need for secure coding to be intrinsic to every software developer’s education. And that was the inspiration for her new book, after Wiley’s Jim Minitel prompted her to write the book she would have wanted to read to make the transition from a developer to an application security professional.

Bridging the Gap Between Developers and Security

One of the big issues that complicates efforts to improve software security is the gap that exists between security and development teams. Contrary to popular belief, software developers and security teams operate in distinct realms with unique skill sets, and are often siloed within software development organizations.

This divergence calls for tailored approaches to instill security practices in software development—something her new book aims to achieve by addressing practical methodologies rather than dwelling solely on vulnerabilities.
In Alice and Bob Learn Secure Coding, Tanya explores the full breadth of secure coding practices, highlighting the importance of holistic practices across languages, frameworks, and technologies. She calls for a shift from relying on scare tactics to fostering a proactive, security-minded culture in software development teams. That includes a shift from the current focus on features and rapid release cycles to robust security measures. Tanya encourages developers to question existing norms and engage in conversations that could shift project trajectories towards more secure outcomes. That might include everything from questioning data permissions in application development to advocating for mandatory cybersecurity education for students and young software engineers.
“If you learn secure coding, you’re going to have less bugs later, which means you have less things to do later. If you are not creating the bugs in the first place, everything’s better, right? You save money, you save time, all these things.” — Tanya Janca, She Hacks Purple

One solution might be greater governmental involvement to establish robust cybersecurity...