Content provided by Stack Overflow and The Stack Overflow Podcast. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Stack Overflow and The Stack Overflow Podcast or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.
What security teams need to understand about developers

22:27
NightVision offers web and API security testing tools built to integrate with developers’ established workflows. NightVision identifies issues by precise area(s) of code, so devs don’t have to chase down and validate vulnerability reports, a process that eats up precious engineering resources. Get started with their docs.

Connect with Kinnaird on LinkedIn.

Stack Overflow user Cecil Curry earned a Populist badge with their exceptionally thoughtful answer to In Python how can one tell if a module comes from a C extension?.

Some great excerpts from this episode:

“From the program side, I would say if you're running a security program or you're starting from day one, there's a danger with security people and being the security person who's out of touch or doesn't know what the life of a developer is like. And you don't want to be that person. And that's not how you have actual business impact, right? So you got to embed with teams, threat model, and then do some preventative security testing, right? Testing things before it gets into production, not just relying on having a bug bounty program.”

“With code scanning, you're looking for potentially insecure patterns in the code, but with dynamic testing, you're actually testing the live application. So we're sending HTTP traffic to the application, sending malicious payloads in forms or in query parameters, et cetera, to try to elicit a response or to send something to an attacker-controlled server. And so using this, we're able to not just have theoretical vulnerabilities, but exploitable vulnerabilities. I mean, how many times have you looked at something in GitHub security alerts and thought, yeah, that's not real. That's not exploitable. Right. So we're trying to avoid that and have higher quality touch points with developers. So when they look at something, they say, okay, that's exploitable. You showed me how. And you traced it back to code.”

835 episodes