SE Radio 584: Charles Weir on Ruthless Security for Busy Developers

Charles Weir—developer, security researcher, and
Research Fellow at Security Lancaster—joins host Giovanni Asproni
to discuss an approach that development teams can use to create
secure systems without wasting effort on unnecessary security
work. The episode starts with a broad description of the
approach, which is based on Weir's research and on a free
Developer Security Essentials workshop he created. Charles
presents some examples from real-world projects, his view on AI's
impact on security, and information about the workshop and where
to find the materials. During the conversation, they consider
several related topics including the concept of "good enough"
security; security as a product decision; risk assessment,
classification, and prioritization; and how to approach security
in startups, greenfield, and legacy systems.