The OWASP Podcast Series
186 episodes - English - Latest episode: 10 months ago - ★★★★★ - 23 ratingsThe OWASP Podcast Series is a recorded series of discussions with thought leaders and practitioners who are working on securing the future for coming generations.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
ep2023-09 Vulnerable Data Gathering for AI with Arturo Buanzo Busleiman
October 02, 2023 15:02 - 32 minutes - 29.9 MBAfter getting a ping from an old friend about a potential new OWASP project, I had to bring him on as a guest. He's got an interesting idea around potential vulnerabilities in web crawlers which just happen to gather data for so many AI system. We talk about that, Cybersecurity and Government and so much more. Show Links: - LinkedIn https://www.linkedin.com/in/buanzo/ - Github https://www.linkedin.com/in/buanzo/
ep2023-08 Finding Next Gen Cybersecurity Professionals with Brad Causey
August 31, 2023 01:08 - 32 minutes - 30.1 MBFor years we've heard talk about a shortage of cybersecurity professionals so what can be done about that? In this episode, I speak to Brad Causey who has taken one approach he's found successful. We cover the trade-offs of his approach and how, should you agree with him, you can help fill those troubling vacancies at your company. Show Links: - SecurIT360 https://securit360.com/ - Offensive Security Blog https://offsec.blog/
ep2023-07 What's Audit got to do with IT
July 31, 2023 15:13 - 33 minutes - 30.9 MBIn this episode we talk with Zain Haq and take a leap and bound over the first and second line to discover more about the third line - internal audit. We discover answers to a number of questions: What role does audit play in the overall cybersecurity of an organization? What does the CISO gain from having an audit function? What makes a good auditor? Learn how to get the most out of audit and what they bring to the table. Special thanks to Tina Turner for inspiring the show title. ;-) Show ...
SBOMS, CycloneDX and Dependency Track: Automation for Survival with Steve Springett
June 27, 2023 14:44 - 29 minutes - 27.1 MBSoftware supply chain seems to be front and center for technologists, cybersecurity and many governments. One of the early pioneers in this space was Steve Springett with two highly successful projects: OWASP Dependency Track and CycloneDX. In this episode, we catch up with Steve to talk about how he got started in software supply chain management as well as the explosive growth for Dependency Track and ClycloneDX. We also touch on future developments for CycloneDX and places where Steve neve...
AppSec at 40,000 feet
May 22, 2023 15:35 - 44 minutes - 40.4 MBIn this episode I speak with Jerry Hoff who provides some very interesting perspective on application security especially at scale and from a high level view like that of a CISO. Even if you're not in a senior leadership position, you're likely to be reporting to one. Understanding that point of view can help you successfully frame your work and accomplish your goals. We touch on multiple topics and have some great back and forth that I'm sure will entertain and inform you. Enjoy!
2023-04 Rethinking WAFs: OWASP Coraza
April 30, 2023 21:18 - 29 minutes - 26.8 MBWAFs have been with us a while and it's about time someone reconsidered WAFs and their role in AppSec given the cloud-native and Kubernetes landscape. The OWASP Coraza is not only asking these questions but putting some Go code behind their ideas. Should WAFs work in a mesh network? Why create an open source WAF? What's next for the OWASP Coraza project? These and more topics are covered in this episode. I had a great time recording it and I think you'll have the same while listening. Show L...
2023-03 Point of Scary - the POS ecosystem
March 28, 2023 02:35 - 34 minutes - 31.9 MBIn this episode I speak with Aaron about Point of Sale or POS systems. He's been investigating the security of POS systems for quite some time now and brings to light the state of the POS ecosystem. Buckle your seat belts, this is going to be a bumpy and very interesting ride.
2023-02 Isolation is just PEACHy
March 01, 2023 03:07 - 33 minutes - 31.1 MBIn this episode I speak with Amitai Cohen who's been thinking a lot about tenant isolation. This is a problem for more then just cloud providers. Anyone with a SaaS offering or even large enterprise may want to isolate customers or parts of their business from each other. Several useful items came out of this including the Cloud VulnDB which catalogs security issues in cloud services and the PEACH tenant isolation framework. You may not think you need to worry about tenant isolation, but I be...
OWASP Ep 2023-01: Audit, Compliance and automation, Oh my!
January 31, 2023 04:12 - 27 minutes - 25.3 MBIn this episode, I speak with Caleb Queern, one of the authors of "Investments Unlimited" a book I highly recommend you get and read. While the book is fiction, there's a great deal of truth in the story about how automation can work for more than just DevSecOps. Compliance and audit also deserve a seat at the table. Learn how you can get more code out the door, with more safety and a 'risk reduced' smile on the auditors face. Show Links: - Investments Unlimited: https://itrevolution.com/pro...
2022 Year in Review
December 30, 2022 06:36 - 14 minutes - 13.2 MBIn this episode, I go solo and review the last year of podcasts but with a twist. I do my best to compare the topics covered to the OWASP Flagship projects. The goal is to see if the episodes I recorded this year match up with the projects strategically important to OWASP. Plus, the holiday listeners get gifts all around as I cover (and link) the OWASP Flagship projects. Show Links: - (January) New Ideas, New Voices, New Hosts: https://soundcloud.com/owasp-podcast/new-ideas-new-voices-new-ho...
You've got some Kubernetes in my AppSec!
November 28, 2022 17:02 - 41 minutes - 38.3 MBIn this episode, I speak with Jimmy Mesta, the project leader of the new OWASP Kubernetes Top 10. Beyond covering the actual Kubernetes Top 10 project, we cover how AppSec has expanded to cover other areas. You not only have to ensure that your application is secure, you need to ensure the security of the environment in which it runs. That environment is increasing becoming Kubernetes so what better than talk to someone who's protected Kubernetes clusters for years and trained many others to...
Little Zap of Horrors
October 31, 2022 06:47 - 33 minutes - 30.6 MBIn this episode, I speak with Simon Bennetts, the creator of OWASP Zed Attack Proxy lovingly known as ZAP. We talk about how it all got started, some of the surprises and lessons learned running a wildly successful open source project. We also cover how some security controls can sometimes actually hurt security. It's an interesting discussion I think you'll enjoy it just in time for Halloween. Show Links: - Zap Website: https://www.zaproxy.org/ - Zap Stats: https://www.zaproxy.org/docs/sta...
Breaching the wirefall with community
September 29, 2022 01:55 - 39 minutes - 36.3 MBIn this episode, Matt Tesauro hosts wirefall to talk about creating and growing a security community and his 26 years of pen testing experience. In wirefall's case, it's the Dallas Hackers Association or DHA. Our conversation includes what motivated him to create DHA, the lessons he's learned, challenges faced and what success looks like today. He provides some advice for those wanting to get into cybersecurity or be a part of the broader security community. Enjoy. Show Links: - DHA Meetup: ...
Going Way Beyond 2FA
August 31, 2022 01:25 - 30 minutes - 28.2 MBIn this episode, Matt Tesauro hosts Neil Matatall to talk about going beyond 2FA as he relates lessons learned from Twitter and Github on account security. This is another episode with some good nuggets of wisdom and some sound advice for those writing or maintaining APIs. It's obvious that Neil has not only spent time doing solid engineering work but he's learned a few things that he's willing to share. Enjoy. Show Links: - OWASP DevSlop Episode: https://www.youtube.com/watch?v=hrAKE6LaizE...
Getting Lean and Mean in the DefectDojo
July 20, 2022 00:19 - 30 minutes - 28.1 MBIn this episode, Matt Tesauro hosts Greg Anderson and Cody Maffucci to talk about OWASP DefectDojo. DefectDojo is an OWASP flagship project that aims to be the single source of truth for AppSec or Product Security teams. It provides a single pane of glass for security programs and can import and normalize over 150 different security tools. I thought that the OWASP podcast might just cover an OWASP project now and then so here we go. Show Links: - https://www.defectdojo.org/ - Github organi...
Giving a jot about JWTs: JWT Patterns and Anti-Patterns - OWASP Podcast e002
June 29, 2022 03:49 - 33 minutes - 30.6 MBIn this episode, Matt Tesauro hosts David Gillman about JWT Patterns and Anti-Patterns. I first met David at LASCON in the fall of 2021 when I sat in on his conference talk. Based on David’s experiences with JWTs we discuss where JSON Web Tokens can help and harm developers who use them. It seems like JWTs can be a mixed bag mostly determined by how you use them. Hopefully this episode will help you avoid any JWT sharp edges if or, more likely, when you work with them. Show Links: - Video ...
Threat Modeling using the Force with Adam Shostack - OWASP Podcast e001
May 26, 2022 02:47 - 47 minutes - 43.6 MBIn this episode, Matt Tesauro hosts Adam Shostack to talk about threat modeling - not only what it is but what Adam has learned from teaching numerous teams how to do threat modeling. Learn what makes a good threat model and some news about a new book from Adam to help further the spread of threat modeling with the end goal of more threat modeling and fewer security surprises. Enjoy! Show Links: - Threats Book site: https://threatsbook.com/ - Resources on Adam’s website: https://shostack.or...
The Void: Verica Open Incident Database
April 05, 2022 16:03 - 43 minutes - 32.8 MBWelcome back to the OWASP podcast. In this episode, we're headed to The VOID. I speak with Courtney Nash about the Verica Open Incident Database, otherwise known as The VOID, which is a collection of software-related incident reports available at https://www.thevoid.community/. It's a fascinating discussion about how, by gathering data from The VOID, we can make the Internet a safer and more resilient place. Courtney was super passionate about the research work she's doing. It was completel...
Fast Times at SBOM High with Wendy Nather and Matt Tesauro
March 24, 2022 15:30 - 42 minutes - 28.9 MBHello, it's Matt Tesauro. Welcome back to my take on the OWASP Podcast. It seems as if I'm turning my episodes into the equivalent of a conference hall track, those wonderful interactions you have at conferences, running between rooms at conferences, meeting up with smart minds you don't see all the time. I have the pleasure of reuniting with Wendy Nather, CISO Advisor Extraordinaire, for this episode. We had a very interesting conversation about Software Bill of Materials (SBOMs). Like many...
SAFe or UnSAFe at Any Speed
March 12, 2022 17:18 - 32 minutes - 23.5 MB“I absolutely hate SAFe!” -- Bryan Finster That is Bryan Finster, Distinguished Engineer at Defense Unicorns out of Colorado Springs. I was scrolling through LinkedIn a couple days ago, saw a thread on SAFe, The Scaled Agile Framework, and what I was seeing wasn’t exactly… well, what you’d expect to hear about a framework that’s being used by over 20,000 organizations, including the United States government. Before we get too much into it, here is the definition of SAFe. I took it directly...
Tanya Janca - She Hacks Purple
February 28, 2022 13:46 - 48 minutes - 34.9 MBHello, I'm Matt Tesauro, one of the OWASP Podcast co-hosts. I had the opportunity to interview Tanya Janca for this podcast. To be honest, I kind of wish it was a video recording because you'd be able to see the big smiles and vigorous head nodding during the recording. Tanya and I are in violent agreement about all things appsec, and it shows. There's a nice mix of general advice, war stories, and some good nuggets in this interview. I hope you enjoy it.
New Ideas. New Voices. New Hosts.
February 01, 2022 21:40 - 18 minutes - 13.6 MB8 years ago I took over the OWASP Podcast from Jim Manico, originator of the project. In that time over 160 episodes have been published, with over 500,000 downloads. It has been a fun project, but it’s time to change things up a bit. There is a lot going on at OWASP, even more going on with the technology industry when it comes to cybersecurity. It’s too much for one person to keep up with. Enter the idea of multiple co-hosts for the podcast. Many of you listening already know of Vandana Ve...
The InfoSec Color Wheel with Jasmine Henry
January 10, 2022 21:21 - 27 minutes - 19.5 MBWe’ve all heard of “Red Teams” and “Blue Teams” when it comes to cybersecurity. But what about the “Purple Team”, the “Yellow Team” or the “Blue Team”. What are those? In February of 2020, Louis Cremen introduced the InfoSec Colour Wheel to the security community. The wheel expands upon April Wright’s work on bringing builders into the security team. The value of the wheel is to show the various types of security teams, seven in all, and the role each plays in security. Jasmine Henry brough...
CYA - Cover Your Assets with Chris Roberts
August 09, 2021 05:58 - 44 minutes - 34.2 MBA couple weeks ago I read an article by Chris Roberts. The headline screamed, “Security Solved!” Security solved? What the hell was he talking about. Everyday there’s a new media storm around the latest breach or ransomware attack. There’s an entire industry built around the idea that security is hard, and the need for special equipment, software and people to even think about being secure. Chris was insistent. He professed that security is not hard nor complicated. Not only does he consid...
OWASP Flagship Projects - Episode 02
June 16, 2021 17:14 - 25 minutes - 20.8 MBIn this episode of the People | Process | Technology podcast, I speak with Seba Deleersnyder from the Software Assurance Maturity Model, Carlos Holguera and Sven Schleier from the Mobile Security Testing Guide, and Bjoern Kimminich from the Juice Shop Project. This is part of an ongoing podcast series, highlighting the OWASP Flagship Projects that will be featured at the OWASP 20th Anniversary Celebration in September. I talk with the project leads to hear what they have been working on for...
OWASP Flagship Projects - Episode 01
June 04, 2021 20:04 - 22 minutes - 19.6 MBIn this episode of the People | Process | Technology podcast, I speak with Simon Bennetts from the Zap Project, Christian Folini from the ModSecurity Core Rule Set Project, and Steve Springett from the Dependency Track Project. This is part of an ongoing podcast series, highlighting the OWASP Flagship Projects that will be featured at the OWASP 20th Anniversary Celebration in September. I talk with the project leads to hear what they have been working on for the past year, what their plans ...
The Cyber Defense Matrix Project with Sounil Yu
April 21, 2021 16:18 - 22 minutes - 17 MBIn 2020, Security Magazine listed Sounil Yu as one of the most Influential People in Security in 2020, in part because of his work on the Cyber Defense Matrix, a framework for understanding and navigating your cybersecurity environments. The Cyber Defense Matrix started as a project when Sounil was the Chief Security Scientist at Bank of America. The initial problem he focused on with the matrix was how to evaluate and categorize vendors and the solutions they provided. The Cyber Defense M...
2021 OWASP Top 10 with Andrew van der Stock
March 26, 2021 16:29 - 15 minutes - 11.9 MBThe Top 10 is considered one of the most important community contributions to come out OWASP. In 2003, just two years after organization was started, the OWASP Top 10 was created. The purpose of the project was to create an awareness document, highlighting the top ten exploits security professionals should be aware of. Since that time, innumerable organizations have used it as a guideline or framework for creating security programs. The current Top 10 list was released four years ago, in 2017...
The Ops Side of DevSecOps w/ Damon Edwards
January 29, 2021 19:57 - 24 minutes - 16.9 MBWhen Shannon Lietz and the team at DevSecOps.org published the DevSecOps Manifesto six years ago, security was uppermost in their minds. The manifesto starts with a call to arms… “Through Security as Code, we have and will learn that there is simply a better way for security practitioners, like us, to operate and contribute value with less friction. We know we must adapt our ways quickly and foster innovation to ensure data security and privacy issues are not left behind because we were too ...
A Note from the Executive Producer
January 27, 2021 18:27 - 3 minutes - 2.91 MBThis is Mark Miller, Executive Producer. Over the years as I’ve produced the show, the topics of focus have followed the trends in the industry. What was originally called “The OWASP Podcast” became “OWASP 24/7” and then “The DevSecOps Podcast”. Each change brought with it a new audience, extending our community from exclusively OWASP practitioners, to DevOps and DevSecOps advocates. The audience for the podcast has grown, with close to 500,000 listens of the 150 episodes. We’ve covered ...
A New Vision for the Future of OWASP, with Executive Director, Andrew van der Stock
July 18, 2020 21:19 - 30 minutes - 35.6 MBOWASP is in a state of discord. Over the past few years, there have been fractures in the community. Recently, there have been arguments on the leader email list that have clearly breached the lines of etiquette. Personal attacks, distribution of funds, and complaints of lack of diversity are creating tension among the members. If we, as an organization refuse to confront these issues, there is a real potential we will no longer have relevance to the AppSec community. The in-fighting has bec...
Exploring the LinkedIn Algorithm
May 11, 2020 16:44 - 41 minutes - 52.7 MBIn this episode of the DevSecOps Podcast, we’re going to go off script and explore the LinkedIn algorithm. I could tie this back to DevSecOps, and how all of us need visibility for our work, or how important it is to build a community around our ideas, but the real reason is… I find this fascinating. One of the largest community engagement platforms in the world encourages us to play their game, but doesn’t tell us what the rules are! How are we to determine the best way to participate, when...
The Demise of Symantec by Richard Stiennon
March 20, 2020 16:12 - 14 minutes - 20.6 MBWhen I read Richard Stiennon's latest article in Forbes, The Demise of Symantec, I thought it was absolutely fascinating. Richard walks through the process of what happened at Symantec, how it was an acquisition engine for so many years, and now how it's started to decline. I got in touch with Richard and told him I'd like to have him read his article for the podcast, and he responded right away. What you'll hear in this episode is Richard talking about and reading from his article, The Demi...
Equifax and the Road Ahead w/ Bryson Koehler
March 04, 2020 13:44 - 23 minutes - 30.6 MBEquifax is trying... I mean REALLY trying... to regain your trust. The Equifax CTO and CISO delivered the keynote at DevSecOps Days during 2020 RSAC. They contributed to multiple sessions and panels during the conference. The message was consistant: "Yes, we had a major problem. Here's what we're doing about it. Here's what you can learn from us." From a technical perspective, Bryson Koehler, CTO, and Jamil Farshchi, CISO, took on all questions from the audience. Nothing was out of bounds. Th...
Making Everyone Visible in Tech - Jaclyn Damiano
February 07, 2020 21:32 - 38 minutes - 51 MBIf you like what you hear, you can download the entire book at sonatype.com/epicfailures As we were putting the finishing touches, getting ready to publish the latest version of Epic Failures in DevSecOps, I reread Jaclyn Damiano's chapter and was struck by how unique her message is. This is a personal story, one that will resonate with many people in the tech industry. It's a story of beginnings, of hardships, of leadership and finally, how all that combines into something much bigger than...
How to Engage 4000 Developers in One Day
November 14, 2019 18:17 - 17 minutes - 27 MBWhen Derek Weeks and I started All Day DevOps in 2016, we were unsure as to whether anyone would be interested.It's now four years later. Last week we had close to 37,000 people register for the event. We're still trying to wrap our head around the scale of something that generates a world wide audience in the tens of thousands for a 24 hour conference. One of the things that has grown organically from All Day DevOps is a concept called "Viewing Parties". It's an idea the community has crea...
Code Rush, DevOps and Google: Software in the Fast Lane
October 17, 2019 19:14 - 28 minutes - 44.2 MBShortly after watching the documentary, Code Rush, I met with Tara Hernandez, the hockey stick carrying lead of the Netscape project that was being documented. We sat down at the Jenkins World Conference in San Francisco to talk about the effect that project had on her career, what she has been doing since with her position at google, and what she hopes to be working on in the coming years. We started our conversation by exploring the relationship between the Netscape project in 1998 and th...
The Unicorn Project w/ Gene Kim
October 16, 2019 17:40 - 44 minutes - 56.2 MBEdwards Deming went to post-war Japan in the late 1940s to help with the census. While there, he built relationships with some of the main manufacturers in the region, helping them understand the value of building quality into a product as part of the production process, thus lowering time to market, eliminating rework and saving company resources. In his 1982 book, "Out of the Crisis", Deming explained in detail why Japan was ahead of the American manufacturing industry and what to do about....
DevOps, DevSecOps and the Year Ahead w/ Sacha Labourey
October 07, 2019 19:03 - 33 minutes - 47.5 MBOnce a year, Sacha Labourey and I sit down to discuss the past year and what the coming year looks like for DevOps and Jenkins. As CEO of CloudBees, Sacha has broad visibility into the progress of the DevOps/DevSecOps communities. We started our talk this year, commenting on the growth of the Jenkins World conference, with over 2000 attendees... what does Sacha attribute that to and does it coincide with the growth within the DevOps community. We continued our discussion by examining how cul...
Is it time to trust Equifax again? You decide.
September 17, 2019 21:25 - 35 minutes - 58.4 MBI was affected by it. You were affected by it. We were all affected by the Equifax breach in September 2017. The truly interesting thing about it is, Equifax wasn't the only company hit by the struts 2 vulnerability that day. Many other companies were hit by it within that time period, but Equifax became the poster child for the main stream media. It was just too easy of a target because of consumer visibility. In the two years since the breach, Equifax has been working hard to restore its ...
2019 Global AppSec Conference DC w/ Ben Pick
August 23, 2019 22:10 - 20 minutes - 22 MBOWASP supports a global conference in North America each year, bringing together the projects, teams and chapters who make this one of the largest security tribes in the world. In this episode of the DevSecOps Podcast Series, I speak with Ben Pick one of the organizers of the conference about what's important about this type of gathering and what you can expect when attending. https://dc.globalappsec.org/
2019 State of the Software Supply Chain Report
June 27, 2019 20:11 - 33 minutes - 35.9 MBThe 2019 State of the Software Supply Chain Report was released on June 25th. The report is an analysis of the answers from over 5500 participants, allowing data researchers the ability to extrapolate what the most productive enterprises are doing when it comes to managing the software supply chain, and how that compares to less efficient development practices. The purpose of the analysis was to objectively examine and empirically document, release patterns and hygiene practices across 36,000...
The Vanity of Diversity
May 15, 2019 16:52 - 26 minutes - 28.6 MBLet's not talk around the subject here... women are under represented when it comes to speaking or participating in tech conferences. It's a male dominated culture. When I saw Lani Rosales had published, "The Ultimate list of Austin women who can speak at your tech event" in response to the complaint that there are no women speakers available in the tech industry, I called her right away. As co-founder of the world's largest DevOps conference, All Day DevOps, and as one of the core organizer...
Create and Manage Internal Tech Conferences
May 08, 2019 17:24 - 37 minutes - 40 MBI produced my first concert at the San Anselmo Playhouse in 1979. It was the first in a series of events that has lasted 40 years. I have produced more than 300 events and participated in many hundreds more as a speaker and participant. As the producer of this many events, I have an internal map of what to do to make an event successful, the steps to create and manage the logistics of an event, and how to promote them. All Day DevOps, a live online conference I co-founded with Derek Weeks, ha...
Securing the Software Supply Chain - Live Panel for International Conference on Cyber Engagement
May 06, 2019 16:50 - 1 hour - 86.3 MBIn April 2019, I was invited to host a panel at the International Conference on Cyber Engagement in Washington DC, to discuss "Securing the Software Supply Chain". On the panel were four of the top voices in software supply chain management: - Edna Conway, Chief Security Officer, Global Value Chain, at CISCO - Joyce Corell, Assistant Director, Supply Chain and Cyber Directorate, National Counterintelligence and Security Center, US Office of the Director of National Intelligence - Bob Kolask...
Tel Aviv and the 2019 Global AppSec Conference
May 01, 2019 14:47 - 18 minutes - 19.2 MBWhen I think of Tel Aviv, I imagine a robust, young culture, living a good, fun life. Not only is the culture conducive to a young life style, its tech industry continues to gain traction. As Wired Magazine said last August, "Israeli startups have always been high on Silicon Valley shopping lists, but Tel Aviv is beginning to shake off its reputation as Europe’s exit capital." Zebra, the medical diagnostics company, MyHeritage online family tree service, Via ride sharing service, and the Waze...
Persectives on the "Sec" in DevSecOps w/ Tanya Janca
April 16, 2019 16:25 - 44 minutes - 42.3 MBIf you've read the Phoenix Project, you'll remember Brent, the indispensable cog on the operations team. Brent was a good guy, he wanted to do the right things, all of the right things, but was pulled in all directions because of the lack of a unified plan for the company's project workflow. But what if Brent didn't want to do the "right" thing? What if Brent was more interested in the convenience of getting his work done than he was in the overall health and output of the project. What if he...
2019 Open Security Summit Preview
April 09, 2019 17:23 - 19 minutes - 19.2 MBThree years ago there was an idea floating around OWASP... a core community was looking for a way to have an isolated week, where security project working groups could get together, with no distractions, and work on projects they felt were important. From this idea, the Open Security Summit was founded. Now in it's third year, the summit takes place in an isolated forest located between London and Manchester. The format for the gathering is to present an environment, with no distractions, w...
What is an SBOM and Why Should You Care? w/ Allan Friedman
April 02, 2019 12:46 - 33 minutes - 34 MBOpen-source components and their use within the software supply chain has become ubiquitous within the past few years. Current estimates are that 80-90% of new software applications consist of open-source components and frameworks. Section A9 of the OWASP Top 10 places components with known vulnerabilities as one of the most prevalent and abused parts of the software supply chain, placing it at a security weakness level of three, on a scale from one to three. Quoting from the OWASP descriptio...
What is Chaos Engineering, an Interview with Casey Rosenthal
March 18, 2019 15:49 - 29 minutes - 28.6 MB"Chaos engineering is an empirical practice of setting up experiments to figure out where your system is vulnerable so that you can know that ahead of time and proactively fix some of these vulnerabilities in your system." -- Casey Rosenthal In this broadcast, I speak with Casey Rosenthal about the beginnings of Chaos Engineering and Netflix and how the concept has morphed into a cross-industry community, sharing ideas through local chaos conferences.