Secure By Design Is Better Than Secure By Myth - Bob Lord - ASW #365

Not all infosec advice is helpful. Bad advice wastes time, makes people less secure, and takes focus away from making software more secure. Bob Lord talks about his efforts to tamp down hacklore -- the security myths and mistakes that crop up in news stories and advice to users. He talks about how these myths come about, why they're harmful, and how they're related to the necessity of building software that's secure by design. Segment Resources: https://www.hacklore.org/ ...

Not all infosec advice is helpful. Bad advice wastes time, makes people less secure, and takes focus away from making software more secure. Bob Lord talks about his efforts to tamp down hacklore -- the security myths and mistakes that crop up in news stories and advice to users. He talks about how these myths come about, why they're harmful, and how they're related to the necessity of building software that's secure by design.

Segment Resources:

• https://www.hacklore.org/

• https://medium.com/@boblord/lets-stop-hacklore-d5c86a0fdad8

• https://www.cisa.gov/securebydesign

• https://medium.com/@boblord/recurring-classes-of-software-weaknesses-2007-vs-2025-c2cd56125e1a

• https://www.ncsc.gov.uk/report/a-method-to-assess-forgivable-vs-unforgivable-vulnerabilities

• https://99percentinvisible.org/episode/nut-behind-wheel/

• https://timharford.com/2022/05/cautionary-tales-short-a-screw-loose-at-17000ft/

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-365