🎙️ Coffee, Chaos & ProdSec – Ep 10
This week, Cameron and Kurt sit down with the co-founders of the OWASP Secure Pipeline Verification Standard to unpack the real story behind SPVS and why the industry desperately needed a pipeline-focused security standard.
From the early days of chaotic DevSecOps practices and scattered controls, to the moment the community rallied behind a structured, prescriptive approach, this episode dives into how SPVS came to life and the problems it set out to fix. Your hosts explore the gaps between policy and practice, why pipelines became the new enterprise battleground, and how SPVS is changing the way teams think about CI and CD security.
You will hear candid insights on the earliest design debates, the tradeoffs that shaped the framework, and the push to create something both practical and auditable. It is a conversation that connects the dots between pipeline pain, cultural friction, and the growing need for predictable, verifiable controls in modern software delivery.
If you work in AppSec, Product Security, DevSecOps, platform engineering, or you are simply curious about how community standards evolve, this episode offers a rare look inside the origin, intent, and future of SPVS.
☕ Grab your coffee, settle in, and follow along as we explore how pipeline chaos turned into pipeline clarity.